Overview

overview

7

Static

static

3

2024-07-04...ch.exe

windows7-x64

1

2024-07-04...ch.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 04:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-07-04_c6c3e4b067f9df6f5229187635cfab03_poet-rat_snatch.exe

  • Size

    13.4MB

  • MD5

    c6c3e4b067f9df6f5229187635cfab03

  • SHA1

    14114a6c9d1651ecdd6f2bcd1d8e81b48282401a

  • SHA256

    a92d9df2886bf5343df97b401b6289cb1bc4578464709bc705d7d0fdf0e359ab

  • SHA512

    0234cba2d448f9489453dd3f014bfea7da36b1ecda4b643741578f549d6ba478115c4b7401b5892fe154e817c140074b7253b9010072ed31f4195a6e34f025df

  • SSDEEP

    196608:DFDLBVjYdePap2kiSvIs9m8UrWKkXIpa3:DBLBpY44JzIAnjApa

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-07-04_c6c3e4b067f9df6f5229187635cfab03_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-07-04_c6c3e4b067f9df6f5229187635cfab03_poet-rat_snatch.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Windows\system32\cmd.exe
      cmd /c ver
      2⤵
        PID:2156

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads