glupteba | 2024-05-29_a4880f022c6d934b7df0f9becedaaa92_snatch

Sharing

Target

2024-05-29_a4880f022c6d934b7df0f9becedaaa92_snatch
Size

8.5MB
MD5

a4880f022c6d934b7df0f9becedaaa92
SHA1

55e9da5f656d9b6adbc70024ee59de359ad303de
SHA256

7a3f2c81d08c10fe40d30b096cd8424c7486ce09bb74b8611c9ad919b9f7b7d4
SHA512

217501aedb72490a8b9d329771f22ccb405bbb588bd8334c353523afcedd025f82928e534683a489dffed341901bafdaed166ca40d08c335506a224a3a0c82d1
SSDEEP

98304:y/tkNUvApWlmDJY8hv9zQC1nU/GqhZytTD5iq:y/iNUr+v1OhwN

Score

10^/10

glupteba

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Detects executables Discord URL observed in first stage droppers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_DiscordURL

Detects executables containing URLs to raw contents of a Github gist 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

Detects executables referencing many varying, potentially fake Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_TooManyWindowsUA

Glupteba payload 1 IoCs

resource	yara_rule
sample	family_glupteba

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-29_a4880f022c6d934b7df0f9becedaaa92_snatch