General
- Target: 2024-09-24_4dfdae8af85639b2c395c7b10c6bf896_hijackloader_poet-rat_snatch
- Size: 18.9MB
- Sample: 240924-d2aa5sshjj
- MD5: 4dfdae8af85639b2c395c7b10c6bf896
- SHA1: 347bef6b6b30d1caf3af7e8709fefeec2a277071
- SHA256: b01fbd9f1842d5d983b203735b87bc646e3a332d6d975f6e4d05e11a346691bf
- SHA512: dcfd495f4012c051d5a5fdff7b77c8db65ef4036a6eb6d6ffe8e359f6625a4daea5dd4c851e3bc033b8eedcba09648592f02039d3ba11cd8a39f5f9a98272186
- SSDEEP: 393216:g8g8THhdWnaqtvylAjWZ0Xq9YLuxMfCVb2z:Zg8mhtvylAjWZ0Xq9YLuxMfCVKz
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-09-24_4dfdae8af85639b2c395c7b10c6bf896_hijackloader_poet-rat_snatch.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Detects MeshAgent payload
- Blocklisted process makes network request
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory