General
-
Target
webrat.exe
-
Size
3.1MB
-
Sample
250327-yjbfpsxtcw
-
MD5
1c3b8bd025d5b9663dd0e02d3405e0df
-
SHA1
92b07502328992e7fc21a11fac39f93cceffeb22
-
SHA256
18c5e65e4b9da90324c170b3f5f20a1dc8c818b38dcde6b146c3af1f423def3f
-
SHA512
a49523270de2a235aedbd1698d01a70f6d4967e06287e8b8630b1b11758bdb56507fc066d6d404e850e60c6fd9ef2cb075fa3d7085bc24ce9b946d306ff396cb
-
SSDEEP
49152:zRlpygxOgF2Kxw/EnMr+NQdiFyBEQhJHZRPsy4jFwlBJm+/D9cEmbvvF:VlpyWOXKxw8n8/gMBEQ3sTAtRObv
Malware Config
Targets
-
-
Target
webrat.exe
-
Size
3.1MB
-
MD5
1c3b8bd025d5b9663dd0e02d3405e0df
-
SHA1
92b07502328992e7fc21a11fac39f93cceffeb22
-
SHA256
18c5e65e4b9da90324c170b3f5f20a1dc8c818b38dcde6b146c3af1f423def3f
-
SHA512
a49523270de2a235aedbd1698d01a70f6d4967e06287e8b8630b1b11758bdb56507fc066d6d404e850e60c6fd9ef2cb075fa3d7085bc24ce9b946d306ff396cb
-
SSDEEP
49152:zRlpygxOgF2Kxw/EnMr+NQdiFyBEQhJHZRPsy4jFwlBJm+/D9cEmbvvF:VlpyWOXKxw8n8/gMBEQ3sTAtRObv
Score10/10-
Detect SalatStealer payload
-
Salatstealer family
-
salatstealer
SalatStealer is a stealer that takes sceenshot written in Golang.
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
4Credentials In Files
4