2024-06-06_e52b580986f39b89d5cb9c5d92afa7a3_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-06-06_e52b580986f39b89d5cb9c5d92afa7a3_snatch
Size

6.9MB
MD5

e52b580986f39b89d5cb9c5d92afa7a3
SHA1

fad757b905d9add2b843e4a86eebeb1b264f546f
SHA256

3e9ae8026d1d808388b68d1342c6a5c80b3cbd9c1b8da7559a8d0be153bc8565
SHA512

3d68be513d98221c27359bd746f0b39e7281e00a849914c9037c3344aa44a482047bbe89b9c962ea3c86c324543ca73bb9618364a6113eb6c04e19b2c74b0aac
SSDEEP

98304:couCxlWJXfrSzA/quliiRZD3RRCAgTsuF6CFZee:cNOQawi+BUIuDR

Score

10^/10

Malware Config

Signatures

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-06-06_e52b580986f39b89d5cb9c5d92afa7a3_snatch

NSIS installer 1 IoCs

resource	yara_rule
sample	nsis_installer_2

Files

2024-06-06_e52b580986f39b89d5cb9c5d92afa7a3_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ