Static task
static1
Behavioral task
behavioral1
Sample
2024-06-27_5a0a2fcefe8be198b0732fd5fb89cdac_poet-rat_snatch.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-06-27_5a0a2fcefe8be198b0732fd5fb89cdac_poet-rat_snatch.exe
Resource
win10v2004-20240611-en
General
-
Target
2024-06-27_5a0a2fcefe8be198b0732fd5fb89cdac_poet-rat_snatch
-
Size
17.9MB
-
MD5
5a0a2fcefe8be198b0732fd5fb89cdac
-
SHA1
2ae115c4ed9aa788fe3c9446a538a8ac21e6a427
-
SHA256
dc2ac05586eba916c91011eef8c22a8d35ac19dc46d8f9bac3e4f6d1ea99772c
-
SHA512
c12697c2fc478f5644082396ef3688ea1b088e9eeda25890acb824c308c63ac16888c1490fe0fb117b595f3bacf7b041f71e101850e27f43bdf8646c08b5eb4e
-
SSDEEP
393216:HTHhEhxMF3FeEHYlCFauSq+hb3DEpS+KIPLnSDUFOjOEzv8:13EE4laN+93uJLnSDUF1EzU
Malware Config
Signatures
-
UPX dump on OEP (original entry point) 1 IoCs
resource yara_rule sample UPX -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-27_5a0a2fcefe8be198b0732fd5fb89cdac_poet-rat_snatch
Files
-
2024-06-27_5a0a2fcefe8be198b0732fd5fb89cdac_poet-rat_snatch.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
XXXA Size: - Virtual size: 8.5MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
YYYB Size: 17.9MB - Virtual size: 17.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE