2024-05-31_af9f0473b800d69d20ecb0a37d9b2e7a_snatch

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-31_af9f0473b800d69d20ecb0a37d9b2e7a_snatch
Size

23.1MB
MD5

af9f0473b800d69d20ecb0a37d9b2e7a
SHA1

a9cda085d4cd3f88d8bbe851411a23c400205f02
SHA256

83bd159efec91ee2b56b8d0d0547f9198dba3c336bf89d207b5a956d8388e9ac
SHA512

b10dac9949f42d0b9e91d09a1ce0907ae53d9edf9be16745de9efd4ffa0413567b21be58233883590851291b37b9b9378b6be8405d049d19f23eb6c13fa9f08b
SSDEEP

196608:Ln7cjj+JS+MDuy6rrZDPGxOLXqChLOKFDS0ef:kv6pGxWaHt

Score

10^/10

Malware Config

Signatures

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Files

2024-05-31_af9f0473b800d69d20ecb0a37d9b2e7a_snatch
.exe windows:4 windows x64 arch:x64

0c05448e8cf7d4de8c6a5510b0fad0d8

Code Sign

03:9c:3b:86:6a:db:47:c9:1c:42:90:9c:00:73:35:a6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/10/2018, 00:00

Not After

02/11/2021, 12:00

Subject

SERIALNUMBER=7045767,CN=Critical Research Corporation,O=Critical Research Corporation,L=Austin,ST=Texas,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01/01/2013, 10:00

Not After

01/04/2013, 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:c4:ff:4d:16:0f:d6:75:c9:f5:32:02:a9:4b:ee:04:e7:02:53:cb:e1:9a:1f:d1:8e:8d:0a:76:53:68:d7:65
Signer

Actual PE Digest

52:c4:ff:4d:16:0f:d6:75:c9:f5:32:02:a9:4b:ee:04:e7:02:53:cb:e1:9a:1f:d1:8e:8d:0a:76:53:68:d7:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
LoadLibraryA
LoadLibraryW
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13.1MB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.9MB - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c05448e8cf7d4de8c6a5510b0fad0d8

Code Sign

03:9c:3b:86:6a:db:47:c9:1c:42:90:9c:00:73:35:a6Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

52:c4:ff:4d:16:0f:d6:75:c9:f5:32:02:a9:4b:ee:04:e7:02:53:cb:e1:9a:1f:d1:8e:8d:0a:76:53:68:d7:65Signer

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 7.0MB - Virtual size: 7.0MB

.rdata Size: 13.1MB - Virtual size: 13.1MB

.data Size: 2.9MB - Virtual size: 10.3MB

.idata Size: 1KB - Virtual size: 1KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 17KB - Virtual size: 17KB

03:9c:3b:86:6a:db:47:c9:1c:42:90:9c:00:73:35:a6
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

01
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

52:c4:ff:4d:16:0f:d6:75:c9:f5:32:02:a9:4b:ee:04:e7:02:53:cb:e1:9a:1f:d1:8e:8d:0a:76:53:68:d7:65
Signer

.text
Size: 7.0MB - Virtual size: 7.0MB

.rdata
Size: 13.1MB - Virtual size: 13.1MB

.data
Size: 2.9MB - Virtual size: 10.3MB

.idata
Size: 1KB - Virtual size: 1KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 17KB - Virtual size: 17KB