General

  • Target

    2024-05-25_c6e6896d3dca2dddd66f6a63473860c4_snatch

  • Size

    8.9MB

  • MD5

    c6e6896d3dca2dddd66f6a63473860c4

  • SHA1

    d7709c1e4449fa7047d2eece03a53a5b142874a3

  • SHA256

    12e9c2484b4c653170f9b6941d87095c1bf9fbf5254864b92b6fc0e07c34a169

  • SHA512

    951242c48d4b267c1a03968de682fef974ed8bfb872522068a801f4d22198e84e88a6f461c0ff08832b9282f2ad6cc78926fc2efefc8ba12d41680ad800f6963

  • SSDEEP

    98304:0yP/Ui/TbjMC27sjjmcfuhZytTD5iqgg:nkup/mcWhwNN

Score
10/10

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Windows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-25_c6e6896d3dca2dddd66f6a63473860c4_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0

