General
-
Target
2025-01-19_221e8480232231d1b3da1ffc132f2744_frostygoop_luca-stealer_poet-rat_snatch
-
Size
9.3MB
-
Sample
250119-qzpdhazrcn
-
MD5
221e8480232231d1b3da1ffc132f2744
-
SHA1
bd742e989bbe1213cd39dad4e7e54fc462713398
-
SHA256
4f0a68180f7d5a495d0adeb0a43986b7da26411e30557d524b2f2a03126451c1
-
SHA512
2425b059eeaec3eb49719c687bb62b32fe5f6d5bb3fc24ce4d949393c6248a05cd37ee518cfe78de1a011950805ce45cc347c9d5a057ecf2e2b45e131f1d96ef
-
SSDEEP
98304:5/MccOfweBnTwTvyFWZcVfTiXEAfXUclZsW6/:5DRwTvyUZcVfOUKb6/
Static task
static1
Behavioral task
behavioral1
Sample
2025-01-19_221e8480232231d1b3da1ffc132f2744_frostygoop_luca-stealer_poet-rat_snatch.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2025-01-19_221e8480232231d1b3da1ffc132f2744_frostygoop_luca-stealer_poet-rat_snatch.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
2025-01-19_221e8480232231d1b3da1ffc132f2744_frostygoop_luca-stealer_poet-rat_snatch
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Obfuscated Files or Information: Command Obfuscation
Adversaries may obfuscate content during command execution to impede detection.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 2
Credentials In Files: 2