Overview

overview

10

Static

static

3

2024-08-18...ch.exe

windows7-x64

1

2024-08-18...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-08-18_0cb1cd96a9040375ccb2bf55b7cbf016_poet-rat_snatch

  • Size

    7.9MB

  • Sample

    240818-tt7vfavhmn

  • MD5

    0cb1cd96a9040375ccb2bf55b7cbf016

  • SHA1

    7390264e8d9565db41d11c030a5534ada49fc96a

  • SHA256

    be7644cecc2a38c7e940eac967a4f1874975044605c9435c91cc72a2f6da8373

  • SHA512

    00c2fb996b8b24cd16fb045ee41822c5c493b290a31b0a1f938654a6f09c36f5d6db00d6432b4bbb8978e8c3599097eb4985b2548cad1f81aace99055c2e0b52

  • SSDEEP

    98304:SLBrws1ai4FNIfEKhjwwnVigX6vMpfoh4AA31WVKcBQH:SOs1ai4NKh/VBQM9oVPIcG

Score
10/10
discoverypersistence

Malware Config

Targets

    • Target

      2024-08-18_0cb1cd96a9040375ccb2bf55b7cbf016_poet-rat_snatch

    • Size

      7.9MB

    • MD5

      0cb1cd96a9040375ccb2bf55b7cbf016

    • SHA1

      7390264e8d9565db41d11c030a5534ada49fc96a

    • SHA256

      be7644cecc2a38c7e940eac967a4f1874975044605c9435c91cc72a2f6da8373

    • SHA512

      00c2fb996b8b24cd16fb045ee41822c5c493b290a31b0a1f938654a6f09c36f5d6db00d6432b4bbb8978e8c3599097eb4985b2548cad1f81aace99055c2e0b52

    • SSDEEP

      98304:SLBrws1ai4FNIfEKhjwwnVigX6vMpfoh4AA31WVKcBQH:SOs1ai4NKh/VBQM9oVPIcG

    Score
    10/10
    discoverypersistence

    • Modifies WinLogon for persistence

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks