glupteba | 2024-07-24_138dbe66343b73552e80c461bc575dd6_poet-rat_snatch | Triage

Sharing

General

Target

2024-07-24_138dbe66343b73552e80c461bc575dd6_poet-rat_snatch
Size

6.2MB
MD5

138dbe66343b73552e80c461bc575dd6
SHA1

1345e01a18f7c28398c39bde98b37a624997eb7f
SHA256

862305d116b844285904c0d083b0399d4b6e9f3f03d6d0aba7051d6a75dd7d54
SHA512

6845a4715bf474d4ec6a62c929b7c1b7162fb7456491b966e4f301475450de594c6afb1727601f068ebc370d14e7c39cd6b53ca8229f0cc95ecea58f8c7c2f97
SSDEEP

98304:n1W7IpuQbSkwrMZnXviuPjqmOXh51YcyDIn:n1W76+rIXviu7qm+NPn

Score

10^/10

glupteba

Malware Config

Signatures

Glupteba family
glupteba

Glupteba payload 1 IoCs

Processes:

resource	yara_rule
sample	family_glupteba

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-07-24_138dbe66343b73552e80c461bc575dd6_poet-rat_snatch

Files

2024-07-24_138dbe66343b73552e80c461bc575dd6_poet-rat_snatch
.exe windows:4 windows x86 arch:x86

1c2a6fbef41572f4c9ce8acb5a63cde7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winmm

timeEndPeriod
timeBeginPeriod

ws2_32

WSAGetOverlappedResult

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 902B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ