General

Target: 2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch
Size: 9.9MB
Sample: 241029-ar928symhp
MD5: 37834eca6c068c551b49202739e6882e
SHA1: 83dc6b9e26f773758d042f1cc92bfd17f396edc3
SHA256: 9d60a15cf6779912cc49ce36597b2264f97071c4afc61c370454931083df2e3f
SHA512: b880d2ec14ad71d9e2449422758b6ba36c9d726a3281cc9867bfdee9e46c3e523d8f7cacecef61d07399e9057f4062aa5ad954c58e1b5278879229890ba0f3da
SSDEEP: 98304:PzU4brhxBASgf/gEpiji6Ig8TWAREIICafZm/mbnXg:PxrhxBAGZji6IdThyRTXg
Static task: static1

Behavioral task: behavioral1
Sample: 2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch.exe
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch.exe
Resource: win10v2004-20241007-en
Malware Config

Extracted family: skuld
Webhook URL: https://discord.com/api/webhooks/1298438839865577564/LcdRm0rKPE01ApFPl9RQHGqhcuExeiqKGpghrB8Lv3iKniiyEa0mVBhFySte_oBx7wyQ
Targets

Target: 2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch
Score: 10/10

Signatures:
- Skuld family
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.