General
-
Target
2024-09-24_e664e32eae75f70aca3b95397beb8706_hijackloader_poet-rat_snatch
-
Size
19.0MB
-
Sample
240924-nk1f4swfma
-
MD5
e664e32eae75f70aca3b95397beb8706
-
SHA1
ca649ca8a6f15876d56f7a3491f7435f5b0df8ef
-
SHA256
d8ae46b6adb3b8dcaddaab2adaf4337048e29c1ffd1caccbe22612dad8113402
-
SHA512
d522171534431ae1cc9c3536845f3404d89cadbd3e8481ac64c5f3b98b16d0625d6619b00e23e579b575dd99498bd43e6d1b6c07da81839337e9897b901f672a
-
SSDEEP
393216:ZGbYHohSnaqtvylAjWZ0Xq9YLuxMfCVb2:gbYHPhtvylAjWZ0Xq9YLuxMfCVK
Static task
static1
Behavioral task
behavioral1
Sample
2024-09-24_e664e32eae75f70aca3b95397beb8706_hijackloader_poet-rat_snatch.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
2024-09-24_e664e32eae75f70aca3b95397beb8706_hijackloader_poet-rat_snatch
-
Detects MeshAgent payload
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-