General

  • Target

    2024-09-08_5b66c48ce06431d9cc4f4b350f1e61a0_poet-rat_snatch

  • Size

    5.0MB

  • Sample

    240908-l3qnhsscla

  • MD5

    5b66c48ce06431d9cc4f4b350f1e61a0

  • SHA1

    774e60bd7b46dbdeeeeab02d03a5b39732730148

  • SHA256

    4c74c481688ab28d5d72f569da8c86fb0c8a0d2f90a35d8c0599799b761b6574

  • SHA512

    2ddec8f6ce85250053fc05a2d0aea1f0d8ac5f8c354ceddb6cb4a7caed44096234497a3192b3ac387608c5aec2910d34f73514050a3a706f52b7ea760c76137d

  • SSDEEP

    49152:vgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Zf:Y4e4uPpVm6gTVGIO7DfEo+eY

Malware Config

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is a trojan written in C++.

    • Blocklisted process makes network request

    • Sets service image path in registry

    • Stops running service(s)

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks