Extracted

• • Target

    2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch

  • Size

    9.9MB

  • MD5

    37834eca6c068c551b49202739e6882e

  • SHA1

    83dc6b9e26f773758d042f1cc92bfd17f396edc3

  • SHA256

    9d60a15cf6779912cc49ce36597b2264f97071c4afc61c370454931083df2e3f

  • SHA512

    b880d2ec14ad71d9e2449422758b6ba36c9d726a3281cc9867bfdee9e46c3e523d8f7cacecef61d07399e9057f4062aa5ad954c58e1b5278879229890ba0f3da

  • SSDEEP

    98304:PzU4brhxBASgf/gEpiji6Ig8TWAREIICafZm/mbnXg:PxrhxBAGZji6IdThyRTXg

  Score

  10^/10

  skuldpersistencestealer

  • Skuld family

    skuld

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2