General

  • Target

    2024-10-31_312d6724e0481537bb7f7767d0f4e1f9_poet-rat_snatch

  • Size

    9.7MB

  • Sample

    241031-2dlahawjfq

  • MD5

    312d6724e0481537bb7f7767d0f4e1f9

  • SHA1

    bc66ccc2df7fe1b927ebe8d5f5194d7a3071246d

  • SHA256

    0a2804504d007506cb9f6264549701b475839fe19e882648f7006fc293e4bbe3

  • SHA512

    3fd74a27110c4a7300bfb60356c5a10d74691d49e31e4bfd71070f9c6bf2dca770ff80ddc8c477757533b306579e72cb55a4fcd44f0ee9689a9637804a9365d2

  • SSDEEP

    98304:xIyByOCYvDXv3JE/7FsHEuUVlgE6zPLMu:SUVCeEuU7Z

Malware Config

Targets

    • Target

      2024-10-31_312d6724e0481537bb7f7767d0f4e1f9_poet-rat_snatch

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks