File name: 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch
(The family names embedded in the submitted file name are the submitter's labels; the report itself assigns no malware family and extracts no configuration, see "No Malware configuration" below. The tags the sandbox did assign are discord, websocket and auto-reg.)

Full analysis: https://app.any.run/tasks/99919034-6196-41d5-9b79-e698c6ef2c0a
Verdict: Malicious activity
Analysis date: April 29, 2025, 14:30:16
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: discord, websocket, auto-reg
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5: F287A88FBB162EDCA9E9C478C8DDC1DB
SHA1: 398E2E9FD417BE484522C112F3F897B837B1C223
SHA256: 9361437B582E24DAF514F4EC3666FB6CCB73C84BF465F322C4E6B13ACA57034A
SSDEEP: 98304:8kGRrZRxUyJsqGo6v84h1aOhdF7DesHknDDarKyRQpbfeZSCzcc1kfQGR1F:C

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  (PIDs below refer to 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe unless another process is named.)
  • MALICIOUS
    • Changes the autorun value in the registry (PID 7676)
  • SUSPICIOUS
    • The process checks if it is being run in the virtual environment (PIDs 7676, 8016, 7384)
    • Executable content was dropped or overwritten (PID 7676)
    • Get information on the list of running processes (PIDs 7676, 8016, 7384)
    • Starts itself from another location (PID 7676)
    • Uses ATTRIB.EXE to modify file attributes (PID 7676)
  • INFO
    • Checks supported languages (PIDs 7676, 8016, 7384)
    • Drops encrypted JS script (Microsoft Script Encoder) (PIDs 7676, 8016, 7384)
    • Auto-launch of the file from Registry key (PID 7676)
    • Reads the computer name (PIDs 7384, 8016)
    • Reads the software policy settings (PIDs 7384, 8016; slui.exe PID 5740)
    • Attempting to use instant messaging service (PIDs 7384, 8016)
    • Reads the machine GUID from the registry (PIDs 7384, 8016)
    • Manual execution by a user (PID 7384)
    • Checks proxy server information (slui.exe PID 5740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 0000:00:00 00:00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 3
CodeSize: 3365888
InitializedDataSize: 332288
UninitializedDataSize: -
EntryPoint: 0x74780
OSVersion: 6.1
ImageVersion: 1
SubsystemVersion: 6.1
Subsystem: Windows GUI

A zeroed PE timestamp together with linker version 3 is what the Go toolchain's linker writes, which is consistent with the Go-http-client User-Agent recorded in the Threats section; treat this as a toolchain hint, not an attribution.
All screenshots are available in the full report
Total processes: 139
Monitored processes: 12
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process tree as shown in the report graph, with parent relationships taken from the Process information section below ("no specs" marks processes for which the report lists no signatures of their own):

2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe (PID 7676, the submitted file on the Desktop, started by explorer.exe)
  - tasklist.exe (no specs) -> conhost.exe (no specs)
  - attrib.exe (no specs) -> conhost.exe (no specs)
  - 2025-04-29_..._snatch.exe (PID 8016, the copy in C:\Users\admin\Music\GRHUG-XLLEW, argument KOIFE)
      - tasklist.exe (no specs) -> conhost.exe (no specs)
2025-04-29_..._snatch.exe (PID 7384, the same copy in Music\GRHUG-XLLEW started by explorer.exe, argument KOIFE)
  - tasklist.exe (no specs) -> conhost.exe (no specs)
slui.exe (PID 5740, started by svchost.exe)

Process information

Each entry lists PID, command line, image path and parent process, followed by process metadata and the loaded modules recorded by the sandbox.
PID: 5740
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7384
CMD: "C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe" KOIFE
Path: C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Loaded modules (images):
c:\users\admin\music\grhug-xllew\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpdc.dll
c:\windows\system32\ws2_32.dll
PID: 7564
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: tasklist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7576
CMD: tasklist
Path: C:\Windows\System32\tasklist.exe
Parent process: 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 7676
CMD: "C:\Users\admin\Desktop\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe"
Path: C:\Users\admin\Desktop\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
(This is the submitted sample as launched from the Desktop; per the signatures above it is the process that writes the Run value, drops the copy into Music\GRHUG-XLLEW, runs attrib.exe on that folder and starts the copy.)
Loaded modules (images):
c:\users\admin\desktop\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpdc.dll
PID: 7708
CMD: tasklist
Path: C:\Windows\System32\tasklist.exe
Parent process: 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Lists the current running tasks
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
PID: 7716
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: tasklist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 7936
CMD: attrib +H +S C:\Users\admin\Music\GRHUG-XLLEW
Path: C:\Windows\System32\attrib.exe
Parent process: 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Attribute Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\attrib.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 7944
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: attrib.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 8016
CMD: C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe KOIFE
Path: C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
Parent process: 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Loaded modules (images):
c:\users\admin\music\grhug-xllew\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpdc.dll
Total events: 10 322
Read events: 10 319
Write events: 3
Delete events: 0

Modification events

PID 7676 (2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe)
  Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  Operation: write
  Name: GRHUG
  Value: "C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe" KOIFE

PID 8016 (2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe)
  Key: HKEY_CLASSES_ROOT\FJUHI
  Operation: write
  Name: SDOS
  Value: 0x0001

PID 7384 (2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe)
  Key: HKEY_CLASSES_ROOT\FJUHI
  Operation: write
  Name: SDOS
  Value: 0x0001

The Run value is the only autorun write: it relaunches the copy in Music\GRHUG-XLLEW with the KOIFE argument, which is exactly the command line recorded for PIDs 7384 and 8016. The FJUHI\SDOS value is written by both running copies, not by the original process on the Desktop; the report does not say what the value is used for.
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID 7676 (2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe) wrote:
  C:\Users\admin\Music\GRHUG-XLLEW\2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe (type: executable)
  MD5: F287A88FBB162EDCA9E9C478C8DDC1DB
  SHA256: 9361437B582E24DAF514F4EC3666FB6CCB73C84BF465F322C4E6B13ACA57034A

The dropped file carries the same MD5 and SHA256 as the submitted sample, so this is a byte-identical self-copy rather than a second-stage payload; the file hashes above therefore cover both the original and the persisted copy.
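The registry write, the dropped copy, the attrib +H +S call and the relaunch from Music\GRHUG-XLLEW are the four host-side signals a detection should tie together. The following is an added example by the editor, not ANY.RUN code: it scores a constructed, Sysmon-style event feed that mirrors PIDs 7676, 7936 and 8016 from this report (assumed event type ids 1, 11 and 13; "sample.exe" stands in for the long file name; the Program Files entry is benign noise that must not fire).

```python
"""Host-telemetry check for the persistence chain this report records:
self-copy into a user-writable folder, HKCU Run value pointing at the copy,
attrib +H +S on the folder, and relaunch of the copy with an argument.

Added example, not ANY.RUN code. EVENTS is constructed in a Sysmon-like
shape (assumed type ids: 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet).
"""
import re
from collections import defaultdict

EVENTS = [  # constructed; mirrors PIDs 7676 / 7936 / 8016 from the report
    {"type": 11, "pid": 7676, "image": r"C:\Users\admin\Desktop\sample.exe",
     "target": r"C:\Users\admin\Music\GRHUG-XLLEW\sample.exe"},
    {"type": 13, "pid": 7676, "image": r"C:\Users\admin\Desktop\sample.exe",
     "key": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GRHUG",
     "value": r'"C:\Users\admin\Music\GRHUG-XLLEW\sample.exe" KOIFE'},
    {"type": 1, "pid": 7936, "ppid": 7676, "image": r"C:\Windows\System32\attrib.exe",
     "cmdline": r"attrib +H +S C:\Users\admin\Music\GRHUG-XLLEW"},
    {"type": 1, "pid": 8016, "ppid": 7676,
     "image": r"C:\Users\admin\Music\GRHUG-XLLEW\sample.exe",
     "cmdline": r"C:\Users\admin\Music\GRHUG-XLLEW\sample.exe KOIFE"},
    # benign noise: an installer registering a Run value under Program Files
    {"type": 13, "pid": 4100, "image": r"C:\Program Files\Vendor\setup.exe",
     "key": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "value": r'"C:\Program Files\Vendor\agent.exe"'},
]

# Run / RunOnce under any hive (HKCU, HKU\<sid>, HKLM).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Paths a standard user can write to (assumed policy; tune per estate).
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+|programdata|windows\\temp)\\", re.I)


def exe_from_value(value: str) -> str:
    """Extract the executable path from a Run value such as '"C:\\a\\b.exe" ARG'."""
    m = re.match(r'\s*"?([^"]+?\.exe)"?', value, re.I)
    return m.group(1).lower() if m else ""


def is_attrib_hide(cmdline: str) -> bool:
    """True for attrib invocations that set both the hidden and system bits."""
    tokens = cmdline.lower().split()
    if not tokens:
        return False
    prog = tokens[0].strip('"').rsplit("\\", 1)[-1]
    return prog in ("attrib", "attrib.exe") and {"+h", "+s"} <= set(tokens)


def score_persistence(events):
    """Return {pid: (score, reasons)} for processes that show the chain.

    Child-process signals are credited to the parent (ppid), the same way the
    report credits attrib.exe and the relaunch to PID 7676.
    """
    dropped = defaultdict(set)  # pid -> lower-cased .exe paths it wrote
    for ev in events:
        if ev["type"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped[ev["pid"]].add(ev["target"].lower())

    findings = defaultdict(lambda: [0, []])
    for ev in events:
        if ev["type"] == 13 and RUN_KEY.search(ev["key"]):
            f = findings[ev["pid"]]
            target = exe_from_value(ev["value"])
            if USER_WRITABLE.match(target):
                f[0] += 2
                f[1].append("Run value points into a user-writable path")
            if target in dropped[ev["pid"]]:
                f[0] += 2
                f[1].append("Run value points at a file this process dropped")
        elif ev["type"] == 1:
            f = findings[ev["ppid"]]
            if is_attrib_hide(ev["cmdline"]):
                f[0] += 1
                f[1].append("spawned attrib +H +S")
            if ev["image"].lower() in dropped[ev["ppid"]]:
                f[0] += 2
                f[1].append("relaunched its own dropped copy")
    return {pid: (s, r) for pid, (s, r) in findings.items() if s}


if __name__ == "__main__":
    for pid, (score, reasons) in score_persistence(EVENTS).items():
        print(f"PID {pid}: score {score}")
        for reason in reasons:
            print("  -", reason)
```

Each signal on its own is noisy (installers write Run values, users hide folders), which is why the score keys on the combination: a Run value that points at a file the same process just wrote, plus a relaunch of that file, is what separates PID 7676 from the benign Vendor entry.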
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 35
TCP/UDP connections: 51
DNS requests: 17
Threats: 19

HTTP requests

Rows are rebuilt from the flattened export. PID and Process are blank where the export attributes no process to the request; the Type and Size columns are empty throughout and are omitted. HTTP code 101 is Switching Protocols, that is, the WebSocket upgrade through which the Discord gateway is reached; the Threats section below attributes the gateway.discord.gg TLS sessions to PID 8016.

PID  | Process             | Method | Code | IP                  | URL | CN      | Reputation
-    | -                   | GET    | 101  | 162.159.134.234:443 | https://gateway.discord.gg/?v=9&encoding=json | unknown | -
5496 | MoUsoCoreWorker.exe | GET    | 200  | 23.35.229.160:80    | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
4208 | RUXIMICS.exe        | GET    | 200  | 23.216.77.42:80     | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4208 | RUXIMICS.exe        | GET    | 200  | 23.35.229.160:80    | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
-    | -                   | GET    | 101  | 162.159.134.234:443 | https://gateway.discord.gg/?v=9&encoding=json | unknown | -
-    | -                   | GET    | 304  | 4.245.163.56:443    | https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL | unknown | -
516  | SIHClient.exe       | GET    | 200  | 23.216.77.6:80      | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | whitelisted
516  | SIHClient.exe       | GET    | 200  | 23.35.229.160:80    | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
516  | SIHClient.exe       | GET    | 200  | 23.35.229.160:80    | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | whitelisted
516  | SIHClient.exe       | GET    | 200  | 23.35.229.160:80    | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | unknown | whitelisted

Connections

This excerpt of the connection list contains only Windows service traffic (update, CRL, WNS and NetBIOS); the sample's own Discord traffic appears in the HTTP, DNS and Threats sections, and the complete connection list is in the full report. PID and Process are blank where the export attributes no process.

PID  | Process             | IP                  | Domain                          | ASN                         | CN | Reputation
5496 | MoUsoCoreWorker.exe | 40.127.240.158:443  | -                               | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4    | System              | 192.168.100.255:137 | -                               | -                           | -  | whitelisted
-    | -                   | 40.127.240.158:443  | -                               | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4208 | RUXIMICS.exe        | 40.127.240.158:443  | -                               | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
4    | System              | 192.168.100.255:138 | -                               | -                           | -  | whitelisted
-    | -                   | 4.231.128.59:443    | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4208 | RUXIMICS.exe        | 23.216.77.42:80     | crl.microsoft.com               | Akamai International B.V.   | DE | whitelisted
3216 | svchost.exe         | 172.211.123.248:443 | client.wns.windows.com          | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
4208 | RUXIMICS.exe        | 23.35.229.160:80    | www.microsoft.com               | AKAMAI-AS                   | DE | whitelisted
5496 | MoUsoCoreWorker.exe | 23.35.229.160:80    | www.microsoft.com               | AKAMAI-AS                   | DE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.6
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
www.microsoft.com
  • 23.35.229.160
whitelisted
discord.com
  • 162.159.137.232
  • 162.159.138.232
  • 162.159.136.232
  • 162.159.135.232
  • 162.159.128.233
whitelisted
gateway.discord.gg
  • 162.159.133.234
  • 162.159.135.234
  • 162.159.136.234
  • 162.159.130.234
  • 162.159.134.234
whitelisted
login.live.com
  • 40.126.31.131
  • 40.126.31.2
  • 40.126.31.0
  • 40.126.31.69
  • 20.190.159.75
  • 20.190.159.2
  • 40.126.31.130
  • 20.190.159.68
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted

Threats

The DNS-lookup alerts are attributed to svchost.exe (PID 2196) because the Windows DNS Client service resolves names on behalf of the sample; the TLS SNI alerts are attributed directly to the running copy, PID 8016. The spaced domains ("discord .com") are the Emerging Threats rule-name convention. Note that discord.com and gateway.discord.gg are marked whitelisted in the DNS section, so domain reputation alone would not surface this traffic; the User-Agent alerts (DiscordBot, Go-http-client) and the unrecognised Authorization scheme are what distinguish a bot-API client from a user's Discord client. PID and Process are blank where the export attributes no process.

PID  | Process | Class | Message
2196 | svchost.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2196 | svchost.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (discord .com)
8016 | 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
8016 | 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe | Misc activity | ET INFO Observed Discord Service Domain (discord .com) in TLS SNI
2196 | svchost.exe | Misc activity | ET INFO Discord Chat Service Domain in DNS Lookup (gateway .discord .gg)
-    | - | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
-    | - | Misc activity | ET USER_AGENTS Discord Bot User-Agent Observed (DiscordBot)
8016 | 2025-04-29_f287a88fbb162edca9e9c478c8ddc1db_frostygoop_knight_luca-stealer_poet-rat_sliver_snatch.exe | Misc activity | ET INFO Observed Discord Service Domain (gateway .discord .gg) in TLS SNI
-    | - | Misc activity | ET USER_AGENTS Go HTTP Client User-Agent
-    | - | Misc activity | ET INFO Go-http-client User-Agent Observed Outbound
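The Suricata alerts above are individually low-severity "Misc activity" hits; the value is in correlating them per process. The following is an added example by the editor, not ANY.RUN or Suricata code: it scores constructed JSON log records (assumed fields: pid, process, kind, and per-kind query / sni / host / status / user_agent / upgrade / auth_scheme) that mirror PID 8016's DNS, TLS and HTTP activity, while letting a real Discord client and a CRL fetch pass. The "Bot" authorization scheme is an inference from the "unrecognized authorization method" alert name, since the report does not show the header itself; the allow-list and thresholds are assumptions to tune.

```python
"""Network-side check for the Discord-gateway pattern in this report:
DNS/TLS to discord.com and gateway.discord.gg, a WebSocket upgrade (HTTP 101)
on the gateway, a DiscordBot / Go-http-client User-Agent, and an HTTP
Authorization scheme that Suricata does not recognise.

Added example, not ANY.RUN or Suricata code. SAMPLE_LOG is constructed;
the field names, allow-list and thresholds are assumptions.
"""
import json
import re

# Processes expected to talk to Discord on this estate (assumption; tune it).
ALLOWED_DISCORD_CLIENTS = {"discord.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
DISCORD_HOST = re.compile(r"(^|\.)discord(app)?\.(com|gg)$", re.I)
# Library / bot user agents that no interactive Discord client presents.
NON_BROWSER_UA = re.compile(r"^(DiscordBot|Go-http-client|python-requests|curl)\b", re.I)

SAMPLE_LOG = r"""
{"ts": 1, "pid": 8016, "process": "sample.exe", "kind": "dns", "query": "gateway.discord.gg"}
{"ts": 2, "pid": 8016, "process": "sample.exe", "kind": "tls", "sni": "discord.com"}
{"ts": 3, "pid": 8016, "process": "sample.exe", "kind": "http", "host": "discord.com", "status": 200, "user_agent": "DiscordBot (https://example.invalid/bot, v1.0)", "auth_scheme": "Bot"}
{"ts": 4, "pid": 8016, "process": "sample.exe", "kind": "http", "host": "gateway.discord.gg", "status": 101, "user_agent": "Go-http-client/1.1", "upgrade": "websocket"}
{"ts": 5, "pid": 3300, "process": "Discord.exe", "kind": "http", "host": "gateway.discord.gg", "status": 101, "user_agent": "Mozilla/5.0 discord/1.0.9", "upgrade": "websocket"}
{"ts": 6, "pid": 4208, "process": "RUXIMICS.exe", "kind": "http", "host": "crl.microsoft.com", "status": 200, "user_agent": "Microsoft-CryptoAPI/10.0"}
"""


def assess(log_text: str) -> dict:
    """Score each non-allow-listed process by its Discord-related activity.

    Returns {pid: {"process": name, "score": int, "reasons": [...]}}. Domain
    reputation is deliberately ignored: the report marks discord.com and
    gateway.discord.gg as whitelisted, so reputation alone would hide this.
    """
    findings = {}
    for raw in log_text.strip().splitlines():
        ev = json.loads(raw)
        if ev["process"].lower() in ALLOWED_DISCORD_CLIENTS:
            continue
        host = ev.get("query") or ev.get("sni") or ev.get("host") or ""
        if not DISCORD_HOST.search(host):
            continue
        rec = findings.setdefault(ev["pid"], {"process": ev["process"], "score": 0, "reasons": []})
        rec["score"] += 1
        rec["reasons"].append(f"{ev['kind']} to {host}")
        if ev["kind"] != "http":
            continue
        ua = ev.get("user_agent", "")
        if NON_BROWSER_UA.match(ua):
            rec["score"] += 2
            rec["reasons"].append(f"non-browser User-Agent {ua.split()[0]}")
        if ev.get("status") == 101 and ev.get("upgrade", "").lower() == "websocket":
            rec["score"] += 3
            rec["reasons"].append("WebSocket upgrade on the Discord gateway")
        if ev.get("auth_scheme", "").lower() == "bot":
            rec["score"] += 3
            rec["reasons"].append("Authorization scheme 'Bot' (bot-token API call)")
    return findings


def verdict(score: int) -> str:
    """Map a score to a triage level (thresholds are an assumption)."""
    return "high" if score >= 6 else "medium" if score >= 3 else "low"


if __name__ == "__main__":
    for pid, rec in assess(SAMPLE_LOG).items():
        print(f"PID {pid} ({rec['process']}): {verdict(rec['score'])}, score {rec['score']}")
        for reason in rec["reasons"]:
            print("  -", reason)
```

The allow-list is matched on process name only, which an attacker can spoof by naming the binary Discord.exe; in production pair it with the image path or signer. The WebSocket upgrade and the bot-token scheme carry the most weight because an interactive Discord client authenticates with a user token over the same gateway, whereas a DiscordBot User-Agent combined with a Bot scheme from an unknown process is the bot-API pattern the ET rules in this report fire on.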