2024-08-20_1008a8fe9ed805ffdf6bc2e64a35c65c_poet-rat_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-08-20_1008a8fe9ed805ffdf6bc2e64a35c65c_poet-rat_snatch
Size

16.3MB
MD5

1008a8fe9ed805ffdf6bc2e64a35c65c
SHA1

d668d5710f54439d94cf6eb263f79157e8b185ce
SHA256

8fa0458ecab6bd01c2be6a9b3c26bfb2b43ccc7652700a05fe1b9056b8cb3a68
SHA512

074afa3deb484b40ae4715df854c0e00cbf6d09fa83add1b6e1bce5d4da427b964854a7a0d0a3a6bbbec93701a1925c5483ee4b63b0042ef4fded949b8b4c8d3
SSDEEP

98304:xCNCDllz9YpKIFlpD4BtYDZI8L4XzUCzxEiZGZBRA5RAUratH:xCNCLTIFlpsBtsIdXzUCzSiI/C5CJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-08-20_1008a8fe9ed805ffdf6bc2e64a35c65c_poet-rat_snatch

Files

2024-08-20_1008a8fe9ed805ffdf6bc2e64a35c65c_poet-rat_snatch
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE