Extracted

• • Target

    2024-10-03_32004b237b6bad18f9edc16039081f1a_ngrbot_poet-rat_snatch

  • Size

    9.5MB

  • MD5

    32004b237b6bad18f9edc16039081f1a

  • SHA1

    8e6215dade663965c583779f3acc8dbb67456a6d

  • SHA256

    f304fb338cc0e7e46a78ac6d640ef4635b4203ebed1b7483cebe7c8cc5dbeedf

  • SHA512

    b3c167580572bc66e2998c3b81d2dea032dfe9c757846f3571b13b5142e9a78f58941abc068bd060f6dce49dfdb4fbdf0572e78b50bae58a4551b3d6b6eddef3

  • SSDEEP

    98304:MLNkPQbfzcsr+zUxkol+6VHMkLE/BD7F/Bz2zIb:MOSfzHkol+MHMkY/BPQIb

  Score

  10^/10

  skuldpersistencestealer

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2