General

  • Target

    2024-09-24_e664e32eae75f70aca3b95397beb8706_hijackloader_poet-rat_snatch

  • Size

    19.0MB

  • Sample

    240924-nk1f4swfma

  • MD5

    e664e32eae75f70aca3b95397beb8706

  • SHA1

    ca649ca8a6f15876d56f7a3491f7435f5b0df8ef

  • SHA256

    d8ae46b6adb3b8dcaddaab2adaf4337048e29c1ffd1caccbe22612dad8113402

  • SHA512

    d522171534431ae1cc9c3536845f3404d89cadbd3e8481ac64c5f3b98b16d0625d6619b00e23e579b575dd99498bd43e6d1b6c07da81839337e9897b901f672a

  • SSDEEP

    393216:ZGbYHohSnaqtvylAjWZ0Xq9YLuxMfCVb2:gbYHPhtvylAjWZ0Xq9YLuxMfCVK

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open source remote access trojan written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
