8bbd1de5364d92a390abef27d668769b023c72579365bb5cc524d9b5aa0b75f6 | Triage

Sharing

General

Target

2024-07-27_a45e11a1f3f919599619405605714c30_poet-rat_snatch
Size

5.3MB
Sample

240727-a7cfxawbnn
MD5

a45e11a1f3f919599619405605714c30
SHA1

868a52bd6548ef19426269b3013638b0cdba3a9a
SHA256

8bbd1de5364d92a390abef27d668769b023c72579365bb5cc524d9b5aa0b75f6
SHA512

853ecb084b87d30b62d2a214aa3ebaa63419578438aa36947156b7d472708e76aedf08ec02922b50ad7c31e62e690133565a3e8b41c938ff183167819cd8d39f
SSDEEP

49152:WBI/smpoca4+e6ZzGrwk0qTC1TYCJ39dw2XjZ5EUxLqxVQUUyTwGx:l3+BBjTYclElTQ7w

Score

6^/10

Malware Config

Targets

- Target
  
  2024-07-27_a45e11a1f3f919599619405605714c30_poet-rat_snatch
- Size
  
  5.3MB
- MD5
  
  a45e11a1f3f919599619405605714c30
- SHA1
  
  868a52bd6548ef19426269b3013638b0cdba3a9a
- SHA256
  
  8bbd1de5364d92a390abef27d668769b023c72579365bb5cc524d9b5aa0b75f6
- SHA512
  
  853ecb084b87d30b62d2a214aa3ebaa63419578438aa36947156b7d472708e76aedf08ec02922b50ad7c31e62e690133565a3e8b41c938ff183167819cd8d39f
- SSDEEP
  
  49152:WBI/smpoca4+e6ZzGrwk0qTC1TYCJ39dw2XjZ5EUxLqxVQUUyTwGx:l3+BBjTYclElTQ7w
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2