“sensitive data and system controls. salat malware abuses quic salat stealer supports multiple runtime modes based on its command-line arguments, enabling operators to deploy it in specialized roles. a “-k” switch starts a keylogger‑only mode, a three‑argument mode execut…”
T1053.005 Scheduled Task
88%
“value hosts. the malware then archives and exfiltrates a wide range of data screenshots, process lists, discord and steam tokens, chromium and gecko browser data (including dpapi‑decrypted secrets), and cryptocurrency wallets compressing everything into a zip for upload. a ba…”
T1573.001 Symmetric Cryptography
67%
“##ls are doubly encrypted inside the binary and decrypted via a chained pipeline of hex decoding and custom modes that culminate in aes‑gcm decryption before yielding five embedded /sa1at/ endpoints across multiple domains and ports. if repeated connection attempts to all end…”
T1055.001 Dynamic-link Library Injection
62%
“salat malware abuses quic and websockets for stealthy c2 control a powerful new windows malware family dubbed salat stealer, a go-based remote access trojan (rat) that blends classic infostealing with a stealthy quic/websocket command-and-control (c2) channel and resi…”
T1053 Scheduled Task/Job
49%
“value hosts. the malware then archives and exfiltrates a wide range of data screenshots, process lists, discord and steam tokens, chromium and gecko browser data (including dpapi‑decrypted secrets), and cryptocurrency wallets compressing everything into a zip for upload. a ba…”
T1055.012 Process Hollowing
38%
“salat malware abuses quic and websockets for stealthy c2 control a powerful new windows malware family dubbed salat stealer, a go-based remote access trojan (rat) that blends classic infostealing with a stealthy quic/websocket command-and-control (c2) channel and resi…”
T1071.001 Web Protocols
37%
“##ls are doubly encrypted inside the binary and decrypted via a chained pipeline of hex decoding and custom modes that culminate in aes‑gcm decryption before yielding five embedded /sa1at/ endpoints across multiple domains and ports. if repeated connection attempts to all end…”
Summary
Salat Stealer is a powerful new Windows malware family: a Go-based Remote Access Trojan (RAT) that blends classic infostealing with a stealthy QUIC/WebSocket command-and-control (C2) channel and resilient blockchain-backed infrastructure. Written in Go, it supports remote shell access, desktop and webcam streaming, keylogging, clipboard theft, browser and crypto‑wallet data theft, and SOCKS5-based pivoting, giving operators interactive […]