General

  • Target

    2024-09-24_4dfdae8af85639b2c395c7b10c6bf896_hijackloader_poet-rat_snatch

  • Size

    18.9MB

  • Sample

    240924-d2aa5sshjj

  • MD5

    4dfdae8af85639b2c395c7b10c6bf896

  • SHA1

    347bef6b6b30d1caf3af7e8709fefeec2a277071

  • SHA256

    b01fbd9f1842d5d983b203735b87bc646e3a332d6d975f6e4d05e11a346691bf

  • SHA512

    dcfd495f4012c051d5a5fdff7b77c8db65ef4036a6eb6d6ffe8e359f6625a4daea5dd4c851e3bc033b8eedcba09648592f02039d3ba11cd8a39f5f9a98272186

  • SSDEEP

    393216:g8g8THhdWnaqtvylAjWZ0Xq9YLuxMfCVb2z:Zg8mhtvylAjWZ0Xq9YLuxMfCVKz
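To check whether a file you are holding is this sample, compare its digests with the values listed above. The following is an added example, not tooling from the sandbox that produced this report; the IOC values are copied verbatim from this page, the file is hashed in a single pass for all four algorithms, and the test input used is constructed.

```python
"""Match a local file against the hash IOCs listed in this report.

Example code added to this page, not part of the sandbox report itself.
"""
import hashlib
import io
import sys

# Digests exactly as this report lists them for the sample.
REPORT_IOCS = {
    "md5": "4dfdae8af85639b2c395c7b10c6bf896",
    "sha1": "347bef6b6b30d1caf3af7e8709fefeec2a277071",
    "sha256": "b01fbd9f1842d5d983b203735b87bc646e3a332d6d975f6e4d05e11a346691bf",
    "sha512": "dcfd495f4012c051d5a5fdff7b77c8db65ef4036a6eb6d6ffe8e359f6625a4da"
              "ea5dd4c851e3bc033b8eedcba09648592f02039d3ba11cd8a39f5f9a98272186",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a binary file-like object once, feeding every chunk to all four
    algorithms, so an 18.9 MB sample is read from disk a single time."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes):
    """Convenience wrapper for in-memory data (used by the test)."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the sorted list of algorithms whose digest equals the IOC value.
    Comparison is case-insensitive because reports mix hex casing."""
    return sorted(alg for alg, value in digests.items()
                  if alg in iocs and value.lower() == iocs[alg].lower())


def verdict(matched):
    """MD5 and SHA-1 are collision-prone, so a hit on them alone is only a
    weak signal; a SHA-256 or SHA-512 hit identifies the sample."""
    if "sha256" in matched or "sha512" in matched:
        return "match"
    if matched:
        return "weak-match"
    return "no-match"


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-file>
    with open(sys.argv[1], "rb") as f:
        d = digest_stream(f)
    m = match_iocs(d)
    print(verdict(m), m, d["sha256"])
```

The SSDEEP value on the page is a fuzzy hash and is deliberately not compared here: it needs the ssdeep library and expresses similarity, not identity, so it belongs in a separate triage step.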

Malware Config

Targets

    • Target

      2024-09-24_4dfdae8af85639b2c395c7b10c6bf896_hijackloader_poet-rat_snatch


    • Detects MeshAgent payload

    • MeshAgent

MeshAgent is the open source remote management agent of MeshCentral, written in C. It is legitimate software, but a copy installed by a dropper and enrolled against an attacker-controlled MeshCentral server gives full interactive remote control, so sandboxes classify the payload as a remote access trojan.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

The sample launches powershell.exe to run commands (ATT&CK T1059.001).

    • Sets service image path in registry

      Writes an ImagePath value under HKLM\SYSTEM\CurrentControlSet\Services, so the Service Control Manager starts the named binary as a service (persistence, ATT&CK T1543.003).

    • Executes dropped EXE

    • Checks installed software on the system

Looks up entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU counterparts) to enumerate installed software, a common way for malware to spot security products and analysis tooling before acting.

    • Drops file in System32 directory
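Three of the signatures above form a chain that is easy to miss when each is alerted on alone: an executable is dropped into System32, a service ImagePath is pointed at it, and the dropped file is then executed. The following is an added example of correlating that chain over Sysmon-style telemetry; it is not code from the sandbox or from the sample, the event records are constructed for illustration, and the field layout (event ID, acting image, target, value data) is an assumed simplification of Sysmon event IDs 1, 11 and 13.

```python
"""Correlate dropped-file, service ImagePath and process-create events.

Example code added to this page; the events below are constructed and do not
come from the report's task run.
"""
from dataclasses import dataclass
import ntpath

SYSTEM32 = r"c:\windows\system32"


@dataclass(frozen=True)
class Event:
    event_id: int      # assumed Sysmon IDs: 1 ProcessCreate, 11 FileCreate, 13 registry value set
    image: str         # process that performed the action
    target: str        # file created, registry value written, or image executed
    details: str = ""  # registry value data (event 13 only)


def norm_path(p: str) -> str:
    return p.strip().strip('"').lower()


def image_from_command(cmd: str) -> str:
    """Extract the executable from a service ImagePath value, which may be
    quoted, carry arguments, or use the NT '\\??\\' prefix."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
    else:
        exe = cmd.split(" ", 1)[0]
    if exe.lower().startswith("\\??\\"):
        exe = exe[4:]
    return norm_path(exe)


def correlate(events):
    """Walk events in order, remembering every created file, and emit findings
    when later registry or process activity refers back to a dropped file."""
    dropped = set()
    findings = []
    for ev in events:
        if ev.event_id == 11:
            path = norm_path(ev.target)
            dropped.add(path)
            if ntpath.dirname(path) == SYSTEM32:
                findings.append(("drops_file_in_system32", ev.image, path))
        elif ev.event_id == 13 and norm_path(ev.target).endswith("\\imagepath"):
            exe = image_from_command(ev.details)
            findings.append(("sets_service_imagepath", ev.image, exe))
            if exe in dropped:
                findings.append(("service_points_at_dropped_file", ev.image, exe))
        elif ev.event_id == 1:
            exe = norm_path(ev.target)
            if exe in dropped:
                findings.append(("executes_dropped_exe", ev.image, exe))
    return findings


# Constructed trace: dropper writes a service binary, registers it, SCM runs it.
SAMPLE_EVENTS = [
    Event(11, r"C:\Users\user\Desktop\installer.exe", r"C:\Windows\System32\wupdsvc.exe"),
    Event(13, r"C:\Users\user\Desktop\installer.exe",
          r"HKLM\System\CurrentControlSet\Services\wupdsvc\ImagePath",
          r'"C:\Windows\System32\wupdsvc.exe" -svc'),
    Event(1, r"C:\Windows\System32\services.exe", r"C:\Windows\System32\wupdsvc.exe"),
    Event(1, r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe"),  # benign
]

if __name__ == "__main__":
    for kind, actor, subject in correlate(SAMPLE_EVENTS):
        print(f"{kind:32} actor={actor} subject={subject}")
```

Keying the correlation on the normalised path of the dropped file is what lets the second and third findings fire; alerting on "any ImagePath write" alone would drown in installer noise, while "service points at a file created moments ago by a non-installer process" is a much tighter signal.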

MITRE ATT&CK Enterprise v15

Tasks