General
Target: 2024-05-26_e7b3c4b0143fefcba773b882295f4d0c_snatch
Size: 7.9MB
Sample: 240526-ekcwdaeh47
MD5: e7b3c4b0143fefcba773b882295f4d0c
SHA1: bb82236fa1272ab513797d260db1c80fc3fd5a79
SHA256: f5d6b6c8f39e8377904750b48716512e7d39692e91a4c67ebcc6794b7ba9643b
SHA512: 2c2bb7ce2d6d5d5348ee9ea6ce5e5bf233396ec71ce83597c4758eeb7c980fbf9b35ed71cf45c11369f501a7698833de3eb7c2228f9d6e2b409a8103570497aa
SSDEEP: 98304:G5GBAoXeLfR3EIQEYDylgM4MYEm2/lUA8+w7QhV+lS4:woXeLCI5QMYEmcUA8+Bf+lS
Static task: static1
Behavioral task: behavioral1
Sample: 2024-05-26_e7b3c4b0143fefcba773b882295f4d0c_snatch.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 2024-05-26_e7b3c4b0143fefcba773b882295f4d0c_snatch.exe
Resource: win10v2004-20240226-en
Malware Config
Targets
Target: 2024-05-26_e7b3c4b0143fefcba773b882295f4d0c_snatch
Score: 9/10
- Detects executables Discord URL observed in first stage droppers
- Detects executables referencing combination of virtualization drivers
- Enumerates VirtualBox DLL files
- Looks for VirtualBox drivers on disk
- Looks for VirtualBox executables on disk
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Looks for VMWare drivers on disk
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.