2024-05-24_4320b102e86753ed689a06868f7e1d8d_snatch

Sharing

General

Target

2024-05-24_4320b102e86753ed689a06868f7e1d8d_snatch
Size

3.0MB
MD5

4320b102e86753ed689a06868f7e1d8d
SHA1

9a40c5a7c919bf57f4f98a40339c7cbd6de2c937
SHA256

7916b94e36ad56f80422f91d01fb8499eb6c69dfda885ef1e3ad210fbb338443
SHA512

8e2499765967326a3f4c9e50d7ad6b7faeacf09db6a45d1af2a0b92379f4ee45453f71935c4923c3b4f13bd18a5d9642ecd477eb74a6e63c55f7e61e318065fa
SSDEEP

49152:kCHVvYqlRz4zbrW6ESPbRrVpOXGO+EA/G+ol348B5Y733:DVvWrTEqvOZxG3

Score

10^/10

Malware Config

Signatures

Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_References_Confidential_Data_Store

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_4320b102e86753ed689a06868f7e1d8d_snatch

Files

2024-05-24_4320b102e86753ed689a06868f7e1d8d_snatch
.exe windows:4 windows x86 arch:x86

1c2a6fbef41572f4c9ce8acb5a63cde7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 1003KB - Virtual size: 1002KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 274B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 34B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c2a6fbef41572f4c9ce8acb5a63cde7

Headers

File Characteristics

Imports

winmm

ws2_32

kernel32

Sections

.text Size: 1003KB - Virtual size: 1002KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 77KB - Virtual size: 155KB

/4 Size: 512B - Virtual size: 274B

/19 Size: 136KB - Virtual size: 136KB

/32 Size: 39KB - Virtual size: 39KB

/46 Size: 18KB - Virtual size: 18KB

/63 Size: 20KB - Virtual size: 19KB

/80 Size: 512B - Virtual size: 34B

/99 Size: 279KB - Virtual size: 279KB

/112 Size: 142KB - Virtual size: 142KB

/124 Size: 47KB - Virtual size: 47KB

.idata Size: 1024B - Virtual size: 902B

.symtab Size: 229KB - Virtual size: 229KB

.text
Size: 1003KB - Virtual size: 1002KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 77KB - Virtual size: 155KB

/4
Size: 512B - Virtual size: 274B

/19
Size: 136KB - Virtual size: 136KB

/32
Size: 39KB - Virtual size: 39KB

/46
Size: 18KB - Virtual size: 18KB

/63
Size: 20KB - Virtual size: 19KB

/80
Size: 512B - Virtual size: 34B

/99
Size: 279KB - Virtual size: 279KB

/112
Size: 142KB - Virtual size: 142KB

/124
Size: 47KB - Virtual size: 47KB

.idata
Size: 1024B - Virtual size: 902B

.symtab
Size: 229KB - Virtual size: 229KB