General

  • Target

    2024-09-08_b2335e5c84c05a8e355ae4b9ee41f50a_poet-rat_snatch

  • Size

    5.0MB

  • Sample

    240908-mc5kes1aml

  • MD5

    b2335e5c84c05a8e355ae4b9ee41f50a

  • SHA1

    8451c640c1817e9e18d3f575a1233c4ba9754579

  • SHA256

    6aebab43a79697212b99e5abbba345a72a05c78089295c8b08fcd5f12ba0d90a

  • SHA512

    0acd77952746e64470d8b43470c2affa2e4bd96e8eae3c0597a04282f8b26cb696d605915f35967d7e99b62fa085dec9f9431340fb3b7eed86a1fc4ad686370a

  • SSDEEP

    49152:hgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5Z8:u4e4uPpVm6gTVGIO7DfE0+ev

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is a trojan written in C++.

    • Sets service image path in registry

    • Stops running service(s)

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
