Extracted

• • Target

    2024-06-25_8af289e1ab18170e6c225166e49a46ac_ngrbot_poet-rat_snatch

  • Size

    9.3MB

  • MD5

    8af289e1ab18170e6c225166e49a46ac

  • SHA1

    ae539acaa1e5510da757f39bdbf4d973c4822085

  • SHA256

    9046b67922c2d220a330ed32e544375989d92a210eefc3d041c9e009166f2812

  • SHA512

    91c84d21bc06f3b492eeea19aa1bccc1c12d2dc1f0374fe04daf9b8693ccd7290cb6a7ebc7d11298324635d9ecc1dc0552440e1cee88473527fbc6324a5a0a26

  • SSDEEP

    98304:jCoYgLk4deNsZ0l+gGC785Auo0KEfyMfIiiBBXe:pRLk4cv785AR0XKhX

  Score

  10^/10

  skuldpersistencestealer

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2