Overview

overview

10

Static

static

8

Win7: 5min timeout

windows7_x64

10

Win10: 5min timeout

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3aadbf7e527fc1a050e1c97fea1cba4d

  • Size

    7.9MB

  • Sample

    201008-49y3j9pb1s

  • MD5

    3aadbf7e527fc1a050e1c97fea1cba4d

  • SHA1

    2cf055b3ef60582ca72e77bc4693ea306360f611

  • SHA256

    208ec23c233580dbfc53aad5655845f7152ada56dd6a5c780d54e84a9d227407

  • SHA512

    642fadbcb8c94858a770de4e6e419bcc6c223e92fe3294f0b56519bdd4b74cdc9918ebac83a91627de5bef4cfd42a1abde79c4bf9e2801f582e18c9fd5000976

Score
10/10
poetratmacrostealertrojan

Malware Config

Targets

    • Target

      3aadbf7e527fc1a050e1c97fea1cba4d

    • Size

      7.9MB

    • MD5

      3aadbf7e527fc1a050e1c97fea1cba4d

    • SHA1

      2cf055b3ef60582ca72e77bc4693ea306360f611

    • SHA256

      208ec23c233580dbfc53aad5655845f7152ada56dd6a5c780d54e84a9d227407

    • SHA512

      642fadbcb8c94858a770de4e6e419bcc6c223e92fe3294f0b56519bdd4b74cdc9918ebac83a91627de5bef4cfd42a1abde79c4bf9e2801f582e18c9fd5000976

    Score
    10/10
    macrotrojanstealerpoetrat

    • PoetRAT

      PoetRAT is remote administration tool written in python.

      trojanstealerpoetrat

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Executes dropped EXE

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macro

    • Loads dropped DLL

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks