Overview

overview

10

Static

static

10

2024-06-24...ch.exe

windows7-x64

1

2024-06-24...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-06-24_4aef5da701cfa3b82624aa947c4a70ca_ngrbot_poet-rat_snatch

  • Size

    9.5MB

  • MD5

    4aef5da701cfa3b82624aa947c4a70ca

  • SHA1

    4f3d48c3b29a8abee5e293cec02aa975c5a80f99

  • SHA256

    4f10480dea6509d5d660ad7bb7d8169b51b66badc4996068a325c15ea4ae9dd6

  • SHA512

    11ff77315b9f0a18e295efa6629a095e7c593c91b74dcfa73fd68f376586fc325b78e4db307a73e634b500f5c351209ad7da853dc49859a51fd7273ef5bda0ba

  • SSDEEP

    98304:tcJW4J6EdbyvYB8LY0iyo4t2EyzxqFgzC13h:onJ6EIwAY0iyrtzyzPC13h

Score
10/10
skuld

Malware Config

Signatures

  • Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers. 1 IoCs
  • Detects executables Discord URL observed in first stage droppers 1 IoCs
  • Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs
  • Detects executables containing URLs to raw contents of a Github gist 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Detects executables referencing virtualization MAC addresses 1 IoCs
  • Skuld family
    skuld
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-06-24_4aef5da701cfa3b82624aa947c4a70ca_ngrbot_poet-rat_snatch
    .exe windows:6 windows x64 arch:x64

    c2d457ad8ac36fc9f18d45bffcd450c2


    Headers

    Imports

    Sections