General
- Target: 2024-09-07_c92a0dc25602c31f95d9e95e768c68b7_poet-rat_snatch
- Size: 5.0MB
- Sample: 240907-nqqh4ascpr
- MD5: c92a0dc25602c31f95d9e95e768c68b7
- SHA1: 9c386b1d5b6dacc3f6e2be8f43dcc0ec23391626
- SHA256: 64be74b7ac7377c363c7b248938ff33410ab4a3555c697d8d84ea50f6d5a5bae
- SHA512: 13e83e96673bba9cf29ddb3e7fe6b1da7d09256f3c6e7911a7fc0458164f1f784dd09402c25e399825d53ab90afdc4149cc14c2934cca2369efa267f307fb73b
- SSDEEP: 49152:dgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Zv:64e4uPpVm6gTVGIO7DfEG+ei
- Static task: static1
- Behavioral task: behavioral1
- Sample: 2024-09-07_c92a0dc25602c31f95d9e95e768c68b7_poet-rat_snatch.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 2024-09-07_c92a0dc25602c31f95d9e95e768c68b7_poet-rat_snatch
- Detects MeshAgent payload
- Blocklisted process makes network request
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- System Services (1)
  - Service Execution (1)
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
Defense Evasion
- Impair Defenses (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)