General

  • Target

    2024-05-25_16e80e1f67924b0ce55d86303d1b9f54_snatch

  • Size

    8.9MB

  • MD5

    16e80e1f67924b0ce55d86303d1b9f54

  • SHA1

    f34dc1f3416cfe798d14edb24c30d8ea2bbb8ac3

  • SHA256

    e92c0f9c9126131622280f791a074d4c539a7f14aec0ecc494a80aebdd3d33b3

  • SHA512

    628e4bc1d4aa4d98beba98cdc0c9e9d38f445499658b32bf726a9c4f89c46868a6fd80a68ec4c026a95a9ced91f9934dd419a268cbfaa64ac3100d64e089c7dc

  • SSDEEP

    98304:uHxMZDJ1TRpxYVX9u2IazANfNhZytTD5iq3:0xEvYjVzAN1hwN

Score
10/10

Malware Config

Signatures

  • Detects Windows executables referencing non-Windows User-Agents 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing artifacts associated with disabling Widnows Defender 1 IoCs
  • Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs
  • Glupteba family
  • Glupteba payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-05-25_16e80e1f67924b0ce55d86303d1b9f54_snatch
    .exe windows:6 windows x86 arch:x86

    9cbefe68f395e67356e2a5d8d1b285c0


    Headers

    Imports

    Sections