Extracted

• • Target

    2024-10-22_e44b0115b09a99e810c9e553e6a3b738_ngrbot_poet-rat_snatch

  • Size

    9.9MB

  • MD5

    e44b0115b09a99e810c9e553e6a3b738

  • SHA1

    e32ea33b3528a130f65d51cf60521aa3a4fdd2d2

  • SHA256

    25193a2af45b78c79136888748092d592a152f73c4805797f2d126b49d0fca8e

  • SHA512

    33580afabdd2c770514711384a09feab815715a2c417574afc00eb2bf60dc3991082e5ceb8148ae8a995896d1e3710b0b1ca0d3f450c86a481afed7896aba834

  • SSDEEP

    98304:FzU4brhxBASgf/gEpiji6Ig8TWAtEIICafZm/mbnXg:FxrhxBAGZji6IdTh+RTXg

  Score

  10^/10

  skuldpersistencestealer

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2