e34688337188b0f3b100478d1f8d851df92fac8ee8cd45f341a5975affe57c6d | Triage

Sharing

General

Target

2025-03-31_f37a98a2c85d7320a9ed6d27e1b62b24_cobalt-strike_poet-rat_sliver_snatch
Size

9.9MB
Sample

250331-sj5rnasvfz
MD5

f37a98a2c85d7320a9ed6d27e1b62b24
SHA1

6892c0a632d00c56e8cacca734e50ec9f36ce140
SHA256

e34688337188b0f3b100478d1f8d851df92fac8ee8cd45f341a5975affe57c6d
SHA512

495b39cca67baad5e4de54cca71bfd17fb2420a0a57112e933cbfbd2b66aa108bd1b07a3b8da292d77992f687714c762e8f47d66d72fbedf41e91142d6c60ba1
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hRbhRJhR2hR7:DAkLRLRxRtRDRiR7

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  2025-03-31_f37a98a2c85d7320a9ed6d27e1b62b24_cobalt-strike_poet-rat_sliver_snatch
- Size
  
  9.9MB
- MD5
  
  f37a98a2c85d7320a9ed6d27e1b62b24
- SHA1
  
  6892c0a632d00c56e8cacca734e50ec9f36ce140
- SHA256
  
  e34688337188b0f3b100478d1f8d851df92fac8ee8cd45f341a5975affe57c6d
- SHA512
  
  495b39cca67baad5e4de54cca71bfd17fb2420a0a57112e933cbfbd2b66aa108bd1b07a3b8da292d77992f687714c762e8f47d66d72fbedf41e91142d6c60ba1
- SSDEEP
  
  196608:I+D5q1SGs2yRwtkpqShRBhR3hRbhRJhR2hR7:DAkLRLRxRtRDRiR7
Score

7^/10

persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1