General

  • Target

    2024-10-28_2dc8cdf825e23ff1df1ad11b3a6f1973_poet-rat_snatch

  • Size

    16.0MB

  • Sample

    241028-rr72bayqbj

  • MD5

    2dc8cdf825e23ff1df1ad11b3a6f1973

  • SHA1

    82af57e0e6d7cf944148d3a16d7c8ca94fa982f8

  • SHA256

    5d215747817125559e1a2d934c301ab466cbc956a6839c8a45f8b02b84b184d0

  • SHA512

    3f20bb95a167d10a2998a63ab0ccd69fe81822d24a39d868d019ac0ff890067c23c015dc0be531d9531be26d6d3f44d7f11c23214ba4778e038b6844f8c8879b

  • SSDEEP

    98304:dKulY9+o0L82IacWOEF8xbADr/xLCqjqdYCDBvYuSHFCxMg:DZVyj8/tCGiBdSHF7g

Malware Config

Targets

    • Target

      2024-10-28_2dc8cdf825e23ff1df1ad11b3a6f1973_poet-rat_snatch

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      PowerShell Invoke-WebRequest.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks