General
-
Target
2024-09-14_0046c35e3ac89f8f076e7408935d080e_poet-rat_snatch
-
Size
21.0MB
-
Sample
240914-mes96syfnj
-
MD5
0046c35e3ac89f8f076e7408935d080e
-
SHA1
0f1d6bacd93659a318a480055846e2383084676c
-
SHA256
2d822b5d48100ac6fc83f1817388f00dfcb3501dd8486caf802a031c97d3a763
-
SHA512
e5f9c9a8af75b8ce0830955457a362ae270f9b2ed80119dbda63e2bf0c1d3555b07e024e8d8a42b35f5b762b300de18707cdbeafd7acc87f9499af694108a7da
-
SSDEEP
196608:ny8/640qQt8T1iiNv67gnZ1fijdiT64CcVOabwd2f:y8/645QyJ6EPYK1VtO2f
Malware Config
Targets
-
-
Target
2024-09-14_0046c35e3ac89f8f076e7408935d080e_poet-rat_snatch
-
Size
21.0MB
-
MD5
0046c35e3ac89f8f076e7408935d080e
-
SHA1
0f1d6bacd93659a318a480055846e2383084676c
-
SHA256
2d822b5d48100ac6fc83f1817388f00dfcb3501dd8486caf802a031c97d3a763
-
SHA512
e5f9c9a8af75b8ce0830955457a362ae270f9b2ed80119dbda63e2bf0c1d3555b07e024e8d8a42b35f5b762b300de18707cdbeafd7acc87f9499af694108a7da
-
SSDEEP
196608:ny8/640qQt8T1iiNv67gnZ1fijdiT64CcVOabwd2f:y8/645QyJ6EPYK1VtO2f
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Creates new service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1System Services
1Service Execution
1Persistence
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Scheduled Task
1