Extracted

• • Target

    2024-11-01_40d018859295feb0f4c867e419a58472_ngrbot_poet-rat_snatch

  • Size

    9.9MB

  • MD5

    40d018859295feb0f4c867e419a58472

  • SHA1

    4c103801d169f4f95ec5c813b6d69bd7ef0ad6c9

  • SHA256

    6d3c84d200a51ce6c2c3053d3bf342eeaf4992b8d724ecf85322631c5aacad42

  • SHA512

    5b443e7c6c52379fae97332ead31b7309d9235c0040c8c3e470d2aff2c74d293fe2b4ea8c2b1029a49be1f799f301621633ba6772b012792c4a10c1d747c1fec

  • SSDEEP

    98304:HzU4brhxBASgf/gEpiji6Ig8TWAHEIICafZm/mbnXg:HxrhxBAGZji6IdThkRTXg

  Score

  10^/10

  skuldpersistencestealer

  • Skuld family

    skuld

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2