4196cf1c453b0c000455d4f1dfbb884e4981d13e5aed8b851c836a96435fa007

Analysis

max time kernel
120s
max time network
139s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20250307-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
27/03/2025, 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-27_0c3638332ff7b1f5f1431297b3405725_poet-rat_sliver
Size

15.0MB
MD5

0c3638332ff7b1f5f1431297b3405725
SHA1

8de6206eee868c94786bdaaea9d43cb0309a383b
SHA256

4196cf1c453b0c000455d4f1dfbb884e4981d13e5aed8b851c836a96435fa007
SHA512

96d6eeec9529b7bbf7e415ad1ce2888686dcd3f2a6bf06bbbf33c9f9c659a0a8aef5e2d7714bb161a0dd303f858cd025f59d607eb9877693877fcb8f88d68bd4
SSDEEP

98304:7Xtz0uTHjlqqWAfL9xFkO4gVHds3tcwcLQgtWE1J3XExfpIrURK6rRt6vS4j9Gny:7XtZ5VfL1kO4gVu+wEFtTTDAlA

Score

3^/10

discovery

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	2025-03-27_0c3638332ff7b1f5f1431297b3405725_poet-rat_sliver

/tmp/2025-03-27_0c3638332ff7b1f5f1431297b3405725_poet-rat_sliver
/tmp/2025-03-27_0c3638332ff7b1f5f1431297b3405725_poet-rat_sliver
1⤵
- Enumerates kernel/hardware configuration
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads