Analysis
-
max time kernel
91s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
27-09-2024 08:32
General
-
Target
2024-09-27_bfb9b406c667471ba8569b8deca1eeef_cobalt-strike_cobaltstrike_poet-rat_snatch.exe
-
Size
5.0MB
-
MD5
bfb9b406c667471ba8569b8deca1eeef
-
SHA1
4f78bbfd2f26894eda8ecc46a6d6185683963f00
-
SHA256
450b9fcc47bc2b97caa25f6e5579a17dd022f9b1f9bb6f81acaaa4ba59b3ffe2
-
SHA512
a1cd9b412e18ad345cd1fa5748f01e306b0a96c5d7372787e6177291078d8a72f1b84641e67e09429bf3f48288019fde749bddecfccfc9e61479ac88bc91a0b1
-
SSDEEP
49152:r56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2v2V6liK1uOCeXvpnO:r56utgpPFotBER/mQ32lUo
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-09-27_bfb9b406c667471ba8569b8deca1eeef_cobalt-strike_cobaltstrike_poet-rat_snatch.exe"C:\Users\Admin\AppData\Local\Temp\2024-09-27_bfb9b406c667471ba8569b8deca1eeef_cobalt-strike_cobaltstrike_poet-rat_snatch.exe"1⤵
- System Location Discovery: System Language Discovery