General
Target: 2024-07-31_28fb7740ddffad6fb3e4e30a0400eee1_poet-rat_snatch
Size: 7.2MB
Sample: 240731-19myja1eme
MD5: 28fb7740ddffad6fb3e4e30a0400eee1
SHA1: 380d7431347f7841ae6c388ac229e6087eaa1829
SHA256: 18c9512e88bde20fefe112cd251840820df08c7f69d40d822ce6ade7076debab
SHA512: 0efc44b74b5eb19b343acb014d14a6a296ba752ca1992c0040bbf5fa202a08ec93649d58597a17cffe8bdb8df553fb1a2862d4bb3011a2a5bd738bcadba578ef
SSDEEP: 98304:EKGvcGkOpPdnEHxtAoPfq4k+4Aedu1J56fU44P:E+GkOp2H9Pi4kFAeI1J56sP
Static task: static1
Behavioral task: behavioral1
Sample: 2024-07-31_28fb7740ddffad6fb3e4e30a0400eee1_poet-rat_snatch.exe
Resource: win7-20240708-en
Malware Config
Extracted: lumma
Targets
Target: 2024-07-31_28fb7740ddffad6fb3e4e30a0400eee1_poet-rat_snatch
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2