2024-09-28_c85598b8927ee5a225998a589d3487e9_poet-rat_snatch | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-09-28_c85598b8927ee5a225998a589d3487e9_poet-rat_snatch
Size

4.8MB
MD5

c85598b8927ee5a225998a589d3487e9
SHA1

00c93df4148c3a8629798d6a1ac9305ce974d094
SHA256

6d219dd45cb9bffc81e70a1a6f25f0abc2ae29de41cf2770e68a7f1e803b24b5
SHA512

b7b6ca70f75633d676df64aaedcb0368f6f4e7f894096abb3ef6cab83dd7d10c01a0b84503d559a68d29fe3be83734b3771f623d5bc441a3e4dcb51608504337
SSDEEP

49152:NXJxAIQfc7wXnJu1U30/jo5UJZUntHvVkgKJswamhqp1ROjyj/2wW0j94lNe:BAIdik7/junt/2wrl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-09-28_c85598b8927ee5a225998a589d3487e9_poet-rat_snatch

Files

2024-09-28_c85598b8927ee5a225998a589d3487e9_poet-rat_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 356KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ