General

  • Target

    2024-09-14_0046c35e3ac89f8f076e7408935d080e_poet-rat_snatch

  • Size

    21.0MB

  • Sample

    240914-mes96syfnj

  • MD5

    0046c35e3ac89f8f076e7408935d080e

  • SHA1

    0f1d6bacd93659a318a480055846e2383084676c

  • SHA256

    2d822b5d48100ac6fc83f1817388f00dfcb3501dd8486caf802a031c97d3a763

  • SHA512

    e5f9c9a8af75b8ce0830955457a362ae270f9b2ed80119dbda63e2bf0c1d3555b07e024e8d8a42b35f5b762b300de18707cdbeafd7acc87f9499af694108a7da

  • SSDEEP

    196608:ny8/640qQt8T1iiNv67gnZ1fijdiT64CcVOabwd2f:y8/645QyJ6EPYK1VtO2f

Malware Config

Targets

    • Target

      2024-09-14_0046c35e3ac89f8f076e7408935d080e_poet-rat_snatch

    • Size

      21.0MB

    • MD5

      0046c35e3ac89f8f076e7408935d080e

    • SHA1

      0f1d6bacd93659a318a480055846e2383084676c

    • SHA256

      2d822b5d48100ac6fc83f1817388f00dfcb3501dd8486caf802a031c97d3a763

    • SHA512

      e5f9c9a8af75b8ce0830955457a362ae270f9b2ed80119dbda63e2bf0c1d3555b07e024e8d8a42b35f5b762b300de18707cdbeafd7acc87f9499af694108a7da

    • SSDEEP

      196608:ny8/640qQt8T1iiNv67gnZ1fijdiT64CcVOabwd2f:y8/645QyJ6EPYK1VtO2f

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Creates new service(s)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks