Overview

overview

10

Static

static

10

2024-06-22...ch.exe

windows7-x64

1

2024-06-22...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
config extraction: Skuld_v2: length 9202400 exceeds max length 1048576

General

  • Target

    2024-06-22_54ed565144faab98985baf2347062bc0_ngrbot_poet-rat_snatch

  • Size

    14.2MB

  • MD5

    54ed565144faab98985baf2347062bc0

  • SHA1

    f940e7367c6bb75e845f3b6507ecf40e94c0fb98

  • SHA256

    87c7df48dbf1ef567445595a16463dc5202c963081fe36bd42164959fb077114

  • SHA512

    f91d1e9111c09ed8bccb2c57e52acd920fb37c4459292889e86cfea809880495a8dd5b685d142b6422076bd0bc186a67af2ca490d8d96b85ec532fb01ebe05f9

  • SSDEEP

    196608:BMhP4WgzpUmKAUzo4z3wVSIPLFFrL0AGtWT6U:ByP2So40HLvL7Gty

Score
10/10

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-06-22_54ed565144faab98985baf2347062bc0_ngrbot_poet-rat_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections