General
Target: 2024-09-24_c48e8edc68378461a358bf76afb2cb50_hijackloader_poet-rat_snatch
Size: 19.0MB
Sample: 240924-2p4k8azdkn
MD5: c48e8edc68378461a358bf76afb2cb50
SHA1: 1457f5eda579ad7b4772e16378e1d6de312b66c3
SHA256: eae7ea70c95f35b473b9ae7cba6079b6b26d15f4c7167d7119ed4cb0afd7880b
SHA512: 77a90eac1d5ab5d59a3c6b0ed8d3700edbfd6096b4c6fa8b03f8802b22234cc384aa7f58b115435629649655fac4144e6d78aaa21e68e2e930e09214b9885bd4
SSDEEP: 196608:XDfS4aFBcMkZbmna1cCwvylAjWZ0Xq9YLuxMfCVb2:faF/CinaqtvylAjWZ0Xq9YLuxMfCVb2
Static task: static1
Behavioral task: behavioral1
Sample: 2024-09-24_c48e8edc68378461a358bf76afb2cb50_hijackloader_poet-rat_snatch.exe
Resource: win7-20240903-en
Malware Config
Targets
- Detects MeshAgent payload
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory