Extracted

• • Target

    2024-07-05_dfa9ac755882200a4754331c432e5d04_ngrbot_poet-rat_snatch

  • Size

    9.5MB

  • MD5

    dfa9ac755882200a4754331c432e5d04

  • SHA1

    81e32004a660fbf6b086bc936b28638658e345a9

  • SHA256

    cabf2b9954b62e96090df46f2d095ebccff7783d820cb7a2af3e5c89d13b9617

  • SHA512

    0189d4463348a92ba26100980e15c642df8ac6d58ef02a70a1b9b80f1e5c4525d75b4cc3407b41efc89e8096a4496d356dbc8af4f828bb477481392aa889409b

  • SSDEEP

    98304:jrpE418vaNd23nXZTp04EFSsM9kEPNSF8uc3e:qk8va6Xpp04EEscPGc3e

  Score

  10^/10

  skuldpersistencestealer

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2