General
-
Target
2024-09-08_5b66c48ce06431d9cc4f4b350f1e61a0_poet-rat_snatch
-
Size
5.0MB
-
Sample
240908-l3qnhsscla
-
MD5
5b66c48ce06431d9cc4f4b350f1e61a0
-
SHA1
774e60bd7b46dbdeeeeab02d03a5b39732730148
-
SHA256
4c74c481688ab28d5d72f569da8c86fb0c8a0d2f90a35d8c0599799b761b6574
-
SHA512
2ddec8f6ce85250053fc05a2d0aea1f0d8ac5f8c354ceddb6cb4a7caed44096234497a3192b3ac387608c5aec2910d34f73514050a3a706f52b7ea760c76137d
-
SSDEEP
49152:vgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Zf:Y4e4uPpVm6gTVGIO7DfEo+eY
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-08_5b66c48ce06431d9cc4f4b350f1e61a0_poet-rat_snatch.exe
Resource
win7-20240903-en
Malware Config
Targets
- Target: 2024-09-08_5b66c48ce06431d9cc4f4b350f1e61a0_poet-rat_snatch
  (size, hashes and SSDEEP identical to the General section above)
- Detects MeshAgent payload
- Blocklisted process makes network request
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Execution
  - Command and Scripting Interpreter (1)
    - PowerShell (1)
  - System Services (1)
    - Service Execution (1)
- Persistence
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1)
    - Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1)
    - Windows Service (1)
- Defense Evasion
  - Impair Defenses (1)
  - Modify Registry (2)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)