General
-
Target
2024-10-12_4aceefe0841c85a6e41790ed1b7e4dc4_ngrbot_poet-rat_snatch
-
Size
9.9MB
-
Sample
241012-jhz1cazhlc
-
MD5
4aceefe0841c85a6e41790ed1b7e4dc4
-
SHA1
b8a098ea10749eb910fe6f69f91d6bee8583c79e
-
SHA256
220e33c37d55d41322c6af19fcff7c27a1eadcee6ef3b073b0b50b2f92c71ba3
-
SHA512
6b96aafa9d6691b98981cd7643df9c5709d3d514d84aadb97617d9d1bf443ab6f02ece6bfb1797775568876676d9db14c5efe4750d54b4053def8b53c7fc78f7
-
SSDEEP
98304:1hQI9wzKxmhMIIKfGTibiyCC9cK8JE2ICafZmwjsEejd:1hIzKxmhhtbiyCicRKDUjd
Behavioral task
behavioral1
Sample
2024-10-12_4aceefe0841c85a6e41790ed1b7e4dc4_ngrbot_poet-rat_snatch.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2024-10-12_4aceefe0841c85a6e41790ed1b7e4dc4_ngrbot_poet-rat_snatch.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1293364712645328977/QVy4b8FCf4VcBd2eWmc6pU5PSC_CW9FSbBynWkMJuDBQltuQ0VS7786OwjG1V_kxgMuP
Targets
Target
2024-10-12_4aceefe0841c85a6e41790ed1b7e4dc4_ngrbot_poet-rat_snatch
Score
10/10
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-