salatstealer | 2025-03-30_6b52f3ff1ebd3fd2df89d719ae6493be_frostygoop_poet-rat_sliver_snatch | Triage

Sharing

General

Target

2025-03-30_6b52f3ff1ebd3fd2df89d719ae6493be_frostygoop_poet-rat_sliver_snatch
Size

11.1MB
MD5

6b52f3ff1ebd3fd2df89d719ae6493be
SHA1

d1082ffb9f04d90a4c864e2c8614566788d55ad2
SHA256

81b70907874cdd38d0ec8d4f00fef097a19cd78735fe9f538b1a2262765483b1
SHA512

77539762fad79e74fc40c046189056991862f30fa572bea811aa3693c86cab0280b51c7d60c983a4807ae92d375623ddff2b8d880bf82792c02ad413da15caf3
SSDEEP

49152:0YYn0qsmj5ZeAwgH3wXwYjXeNUdKPfkSxN03x6c/9DDIc6cuRdN4I5ALIrHa64cZ:JA0qs4hwMrmC3e16FPj2u5+PYSag

Score

10^/10

salatstealer

Malware Config

Signatures

Detect SalatStealer payload 1 IoCs

resource	yara_rule
sample	family_salatstealer

Salatstealer family
salatstealer

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-30_6b52f3ff1ebd3fd2df89d719ae6493be_frostygoop_poet-rat_sliver_snatch

Files

2025-03-30_6b52f3ff1ebd3fd2df89d719ae6493be_frostygoop_poet-rat_sliver_snatch
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 334KB - Virtual size: 627KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ