General

  • Target

    2024-09-24_c48e8edc68378461a358bf76afb2cb50_hijackloader_poet-rat_snatch

  • Size

    19.0MB

  • Sample

    240924-2p4k8azdkn

  • MD5

    c48e8edc68378461a358bf76afb2cb50

  • SHA1

    1457f5eda579ad7b4772e16378e1d6de312b66c3

  • SHA256

    eae7ea70c95f35b473b9ae7cba6079b6b26d15f4c7167d7119ed4cb0afd7880b

  • SHA512

    77a90eac1d5ab5d59a3c6b0ed8d3700edbfd6096b4c6fa8b03f8802b22234cc384aa7f58b115435629649655fac4144e6d78aaa21e68e2e930e09214b9885bd4

  • SSDEEP

    196608:XDfS4aFBcMkZbmna1cCwvylAjWZ0Xq9YLuxMfCVb2:faF/CinaqtvylAjWZ0Xq9YLuxMfCVb2

Malware Config

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open-source remote access trojan written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15