0c6ca8bee1ae329129634711d53356bf7bd13f86b9e68140dc5dd664f1f8c08c | Triage

Sharing

General

Target

2025-03-25_6be16213afc8338890849064fe2a8a97_poet-rat_sliver_snatch
Size

14.4MB
Sample

250325-nhyjqsynv4
MD5

6be16213afc8338890849064fe2a8a97
SHA1

bf6bd4dcfa44d09ff37552696eeba89b5b222f73
SHA256

0c6ca8bee1ae329129634711d53356bf7bd13f86b9e68140dc5dd664f1f8c08c
SHA512

3524629bfea2df4be81e6d8644301abdbdb90abb163d196eba2f0755b6d457b0cddbfe4acf8e12662df94420e755a641ae3de4ea2340edf52a18b6cda4cb867b
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hREhRqhRYhRkhRBhRWhRohRBhRKhRf:DAkLRLRxRYR+RkR4RLRCR0RLReRf

Score

6^/10

persistence

Malware Config

Targets

- Target
  
  2025-03-25_6be16213afc8338890849064fe2a8a97_poet-rat_sliver_snatch
- Size
  
  14.4MB
- MD5
  
  6be16213afc8338890849064fe2a8a97
- SHA1
  
  bf6bd4dcfa44d09ff37552696eeba89b5b222f73
- SHA256
  
  0c6ca8bee1ae329129634711d53356bf7bd13f86b9e68140dc5dd664f1f8c08c
- SHA512
  
  3524629bfea2df4be81e6d8644301abdbdb90abb163d196eba2f0755b6d457b0cddbfe4acf8e12662df94420e755a641ae3de4ea2340edf52a18b6cda4cb867b
- SSDEEP
  
  196608:I+D5q1SGs2yRwtkpqShRBhR3hREhRqhRYhRkhRBhRWhRohRBhRKhRf:DAkLRLRxRYR+RkR4RLRCR0RLReRf
Score

6^/10

persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2