Overview

overview

10

Static

static

10

2024-05-23...ch.exe

windows7-x64

9

2024-05-23...ch.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch

  • Size

    19.8MB

  • MD5

    a6b1285c88d91f63d99e7fda5acb9b57

  • SHA1

    b08cfef47fec942f1e8968afeb5a92f83a109e73

  • SHA256

    4503e70063f8becb57638e8450a8a14973f0696571b10a287e8ce000b67e2a1d

  • SHA512

    17a0304d9c8e2927ed10e839eab5f07fc3e820b7bfd84c6923336414485ff351cdbbb5785c832719ce538caa174e09ac0eb2ac34618305ece8e0d3d281be2f17

  • SSDEEP

    196608:1VmvWv3wBTIE0DO9TSvdyFClKe0kU05lBJUSUn3cKViIRZFhwj5fZ0u:1kvTv9Tuy1PkUklBPUsKVi6HORZ5

Score
10/10
themida

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables packed with Themida 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-23_a6b1285c88d91f63d99e7fda5acb9b57_ngrbot_snatch
    .exe windows:6 windows x64 arch:x64


    Headers

    Sections