General
-
Target
2024-10-21_5fff3ba3ea60ad8a176069897bb53339_poet-rat_snatch
-
Size
23.7MB
-
Sample
241021-scl1zazcpr
-
MD5
5fff3ba3ea60ad8a176069897bb53339
-
SHA1
63c8f911841c8242b69fb92e1d101b2de333eecf
-
SHA256
b0bcdcc422e8b2c88a3eed50755bf53d35f0a74df88b40f66afd5f52678fef75
-
SHA512
6af0da10b18f61eac0a49d729a5e731e28a0f256d5de1e27b9553296a7419e41a81039ecc5e39b792df956de5b6793d136ebf5fa3934e6fda0ae00943a9e5cdd
-
SSDEEP
196608:MB6GIp6NmZ9SHowBg9fmIAw4Cs9ouPf5/:RqSPAw4Cs9ou5
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-21_5fff3ba3ea60ad8a176069897bb53339_poet-rat_snatch.exe
Resource
win7-20240708-en
Malware Config
Extracted
lumma
https://drawwyobstacw.sbs
https://condifendteu.sbs
https://ehticsprocw.sbs
https://vennurviot.sbs
https://resinedyw.sbs
https://enlargkiw.sbs
https://allocatinow.sbs
https://mathcucom.sbs
https://shelfedpriveowp.shop/api
Targets
-
-
Target
2024-10-21_5fff3ba3ea60ad8a176069897bb53339_poet-rat_snatch
-
Size
23.7MB
-
MD5
5fff3ba3ea60ad8a176069897bb53339
-
SHA1
63c8f911841c8242b69fb92e1d101b2de333eecf
-
SHA256
b0bcdcc422e8b2c88a3eed50755bf53d35f0a74df88b40f66afd5f52678fef75
-
SHA512
6af0da10b18f61eac0a49d729a5e731e28a0f256d5de1e27b9553296a7419e41a81039ecc5e39b792df956de5b6793d136ebf5fa3934e6fda0ae00943a9e5cdd
-
SSDEEP
196608:MB6GIp6NmZ9SHowBg9fmIAw4Cs9ouPf5/:RqSPAw4Cs9ou5
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-