salatstealer | 2025-03-29_6f08ceeabcccd821ffc938bda9ed61e7_frostygoop_poet-rat_sliver_snatch | Triage

Sharing

General

Target

2025-03-29_6f08ceeabcccd821ffc938bda9ed61e7_frostygoop_poet-rat_sliver_snatch
Size

11.1MB
MD5

6f08ceeabcccd821ffc938bda9ed61e7
SHA1

b36b3f71afcdf771a8c0e8bca5c8168ad82152f2
SHA256

a4a030be981e596599ef91e961596552ef1c9b40e282ecf03502e11d6669b963
SHA512

8364b4b1524f6d5b1c545907d3e9e464b4a25b53969c09a8f29218b542d8e8516542a35cd2c245fffb71fc1f37ec60c6315525d7c49d8fb4327b5dded405f3c7
SSDEEP

98304:t1PJsVqzER9lYsEmUcqOuC6QtgzVPuBciF:KlliR7Egz9mcY

Score

10^/10

salatstealer

Malware Config

Signatures

Detect SalatStealer payload 1 IoCs

resource	yara_rule
sample	family_salatstealer

Salatstealer family
salatstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-29_6f08ceeabcccd821ffc938bda9ed61e7_frostygoop_poet-rat_sliver_snatch

Files

2025-03-29_6f08ceeabcccd821ffc938bda9ed61e7_frostygoop_poet-rat_sliver_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 334KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ