Overview

overview

10

Static

static

10

2025-03-02...ch.exe

windows7-x64

1

2025-03-02...ch.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-02_37c310c0b6a96543a2457d5d3df100a5_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch

  • Size

    14.7MB

  • Sample

    250302-b9gzvazqw2

  • MD5

    37c310c0b6a96543a2457d5d3df100a5

  • SHA1

    e34f3701aebc8e4a0711e230ae11e10df5b1c682

  • SHA256

    a613ba091bc25535b066c9b3ffa6c809cc2e981634c916a23b38b6c8402729fb

  • SHA512

    c31b746731c2726b299fd36656dd1578daa6fa7f2bb301709a381785b3833d5b2e5632a43b44034c8deb0fec4f0c6a2c7bcebd0e85004b9ef11f94ab9b4fd5d6

  • SSDEEP

    196608:Gcj8C4Fu4W7YRpzBT74JmeVPQrWF06TRf:dL4FupU74JPV4rO0+

Score
10/10
hackbrowserdatadefense_evasionexecution

Malware Config

Targets

    • Target

      2025-03-02_37c310c0b6a96543a2457d5d3df100a5_frostygoop_golang_luca-stealer_poet-rat_sliver_snatch

    • Size

      14.7MB

    • MD5

      37c310c0b6a96543a2457d5d3df100a5

    • SHA1

      e34f3701aebc8e4a0711e230ae11e10df5b1c682

    • SHA256

      a613ba091bc25535b066c9b3ffa6c809cc2e981634c916a23b38b6c8402729fb

    • SHA512

      c31b746731c2726b299fd36656dd1578daa6fa7f2bb301709a381785b3833d5b2e5632a43b44034c8deb0fec4f0c6a2c7bcebd0e85004b9ef11f94ab9b4fd5d6

    • SSDEEP

      196608:Gcj8C4Fu4W7YRpzBT74JmeVPQrWF06TRf:dL4FupU74JPV4rO0+

    Score
    9/10
    defense_evasionexecution

    • Enumerates VirtualBox DLL files

    • Enumerates VirtualBox registry keys

      defense_evasion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Identifies Xen via ACPI registry values (likely anti-VM)

      defense_evasion

    • Looks for Parallels drivers on disk.

      defense_evasion

    • Looks for VirtualBox Guest Additions in registry

      defense_evasion

    • Looks for VirtualBox drivers on disk

      defense_evasion

    • Looks for VirtualBox executables on disk

    • Looks for VMWare Tools registry key

      defense_evasion

    • Looks for VMWare drivers on disk

      defense_evasion

    • Looks for VMWare services registry key.

      defense_evasion

    • Looks for Xen service registry key.

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks