Overview

overview

10

Static

static

10

2024-10-11...ch.exe

windows7-x64

1

2024-10-11...ch.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2024, 00:57 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe

  • Size

    16.0MB

  • MD5

    88968cb0e0465d2eddf1fc8808ccc8f6

  • SHA1

    3757dbf70e588630939544c691f5cebea6460e1a

  • SHA256

    241806afa79b1263594da8f57d25ea9fba9c65602e50f16e5c458572e016784c

  • SHA512

    cacc4b1def7cdeb958cc8b66539394fcc9682e14c130d6be08a77651d5e8a07b1eb5db6828884214ad9ebf76dd9f0be1e5a359f5fc1984b79d5a376bc8bc4800

  • SSDEEP

    196608:PGAk0F/+0mHAsTJl4N0AToRgMgBV9j5c1ltfzv:PGt0FRmHACl4NuRgv3jyHtL

Score
1/10

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe"
    1⤵
      PID:872

    Network

    • flag-us
      DNS
      0.159.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      0.159.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      55.36.223.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      55.36.223.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      200.163.202.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      200.163.202.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      241.42.69.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      241.42.69.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      240.221.184.93.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      240.221.184.93.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      11.227.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      11.227.111.52.in-addr.arpa
      IN PTR
      Response
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 127.0.0.1:50051
      2024-10-11_88968cb0e0465d2eddf1fc8808ccc8f6_hacktools_poet-rat_snatch.exe
    • 8.8.8.8:53
      0.159.190.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      0.159.190.20.in-addr.arpa

    • 8.8.8.8:53
      55.36.223.20.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      55.36.223.20.in-addr.arpa

    • 8.8.8.8:53
      200.163.202.172.in-addr.arpa
      dns
      74 B
       160 B
       1
      1

      DNS Request

      200.163.202.172.in-addr.arpa

    • 8.8.8.8:53
      241.42.69.40.in-addr.arpa
      dns
      71 B
       145 B
       1
      1

      DNS Request

      241.42.69.40.in-addr.arpa

    • 8.8.8.8:53
      240.221.184.93.in-addr.arpa
      dns
      73 B
       144 B
       1
      1

      DNS Request

      240.221.184.93.in-addr.arpa

    • 8.8.8.8:53
      11.227.111.52.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      11.227.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.