General
- Target: 2024-09-08_b2335e5c84c05a8e355ae4b9ee41f50a_poet-rat_snatch
- Size: 5.0MB
- Sample: 240908-mc5kes1aml
- MD5: b2335e5c84c05a8e355ae4b9ee41f50a
- SHA1: 8451c640c1817e9e18d3f575a1233c4ba9754579
- SHA256: 6aebab43a79697212b99e5abbba345a72a05c78089295c8b08fcd5f12ba0d90a
- SHA512: 0acd77952746e64470d8b43470c2affa2e4bd96e8eae3c0597a04282f8b26cb696d605915f35967d7e99b62fa085dec9f9431340fb3b7eed86a1fc4ad686370a
- SSDEEP: 49152:hgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Z8:u4e4uPpVm6gTVGIO7DfE0+ev
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-09-08_b2335e5c84c05a8e355ae4b9ee41f50a_poet-rat_snatch.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Target: 2024-09-08_b2335e5c84c05a8e355ae4b9ee41f50a_poet-rat_snatch
- Detects MeshAgent payload
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1): PowerShell (1)
- System Services (1): Service Execution (1)
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
Defense Evasion
- Impair Defenses (1): Modify Registry (2)
- Subvert Trust Controls (1): Install Root Certificate (1)