General

  • Target

    2025-03-29_6f08ceeabcccd821ffc938bda9ed61e7_frostygoop_poet-rat_sliver_snatch

  • Size

    11.1MB

  • Sample

    250329-zqjw4attcx

  • MD5

    6f08ceeabcccd821ffc938bda9ed61e7

  • SHA1

    b36b3f71afcdf771a8c0e8bca5c8168ad82152f2

  • SHA256

    a4a030be981e596599ef91e961596552ef1c9b40e282ecf03502e11d6669b963

  • SHA512

    8364b4b1524f6d5b1c545907d3e9e464b4a25b53969c09a8f29218b542d8e8516542a35cd2c245fffb71fc1f37ec60c6315525d7c49d8fb4327b5dded405f3c7

  • SSDEEP

    98304:t1PJsVqzER9lYsEmUcqOuC6QtgzVPuBciF:KlliR7Egz9mcY

Malware Config

Targets

    • Detect SalatStealer payload

    • Salatstealer family

    • salatstealer

      SalatStealer is a stealer written in Golang that takes screenshots.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
