General

  • Target

    2024-09-07_c92a0dc25602c31f95d9e95e768c68b7_poet-rat_snatch

  • Size

    5.0MB

  • Sample

    240907-nqqh4ascpr

  • MD5

    c92a0dc25602c31f95d9e95e768c68b7

  • SHA1

    9c386b1d5b6dacc3f6e2be8f43dcc0ec23391626

  • SHA256

    64be74b7ac7377c363c7b248938ff33410ab4a3555c697d8d84ea50f6d5a5bae

  • SHA512

    13e83e96673bba9cf29ddb3e7fe6b1da7d09256f3c6e7911a7fc0458164f1f784dd09402c25e399825d53ab90afdc4149cc14c2934cca2369efa267f307fb73b

  • SSDEEP

    49152:dgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Zv:64e4uPpVm6gTVGIO7DfEG+ei

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is a trojan written in C++.

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Stops running service(s)

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
