General

  • Target

    2024-05-25_123e06dc42966f65164cded5d03318d3_snatch

  • Size

    8.9MB

  • MD5

    123e06dc42966f65164cded5d03318d3

  • SHA1

    ba9401e061299eab618f68d4cf20b4d430b1da40

  • SHA256

    4b277c349cf7f3549d32e128e2942fa57c906e7bb47d4c8aeddc683009ada2b7

  • SHA512

    56cfa6b80b68d575a031444f7393c278fa51052a872b56d533ee8c48ae971239cbd1b7bd9c95093bda9d3b63b65352b086d392616dbfe33d42eb942db6488111

  • SSDEEP

    98304:0yP/Ui/TbjMC27sjjmcfvhZytTD5iqfg:nkup/mc3hwNw

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Windows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-25_123e06dc42966f65164cded5d03318d3_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0
    Headers

    Imports

    Sections