6db4efd8c0030ee4026dffc6f53b961e31228bb7497ecffa87411e523f0473b7 | Triage

Sharing

General

Target

2024-08-16_905b72b4f32a4d94e5c070a244fb51a4_poet-rat_snatch
Size

7.7MB
Sample

240816-z8mqpsxglg
MD5

905b72b4f32a4d94e5c070a244fb51a4
SHA1

b6451d54112d4b26c235c36322c293886b621ec2
SHA256

6db4efd8c0030ee4026dffc6f53b961e31228bb7497ecffa87411e523f0473b7
SHA512

9f1424b7aeb40f5789fb49af61a2e397272c68092975bddd2737f7acf5f8c3d9303c09e0999a2db75bf1dfd5ee0d225dc40981e7904b25fe97138c7a2f10275d
SSDEEP

98304:WRW3iSnXM1DZB6ETzoes3yj/N3fbOPDCYDQMqEGAVHaOD3Cvit:2SnXM1zTwCjV3DkDCjMyKaoSq

Score

8^/10

execution

Malware Config

Targets

- Target
  
  2024-08-16_905b72b4f32a4d94e5c070a244fb51a4_poet-rat_snatch
- Size
  
  7.7MB
- MD5
  
  905b72b4f32a4d94e5c070a244fb51a4
- SHA1
  
  b6451d54112d4b26c235c36322c293886b621ec2
- SHA256
  
  6db4efd8c0030ee4026dffc6f53b961e31228bb7497ecffa87411e523f0473b7
- SHA512
  
  9f1424b7aeb40f5789fb49af61a2e397272c68092975bddd2737f7acf5f8c3d9303c09e0999a2db75bf1dfd5ee0d225dc40981e7904b25fe97138c7a2f10275d
- SSDEEP
  
  98304:WRW3iSnXM1DZB6ETzoes3yj/N3fbOPDCYDQMqEGAVHaOD3Cvit:2SnXM1zTwCjV3DkDCjMyKaoSq
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2