General

  • Target

    2024-10-03_737fb056093df619a87969db45379c80_poet-rat_snatch

  • Size

    10.5MB

  • Sample

    241003-a3v3fsvhkn

  • MD5

    737fb056093df619a87969db45379c80

  • SHA1

    82702168b2cffe8c88405b4cb9f6ddf67e0997da

  • SHA256

    e1a2f6f904d28fe6d650536a835e2f505ed865d24e9cbcf7008dd7ad3269221f

  • SHA512

    1d1a398301e52f1660ce770fa9ddcf25b114e003ef5d9e5b83719af5a6f0158a1ac57536c403a9d89f0a8908f16ef471115b39e67e38f525fd9a0031dfd439ae

  • SSDEEP

    98304:UW3DPzlu4JkukPMoej+ZDLbE5wDMrd+s71Kq:LD7lu4JgMoejoLI5wQMU

Malware Config

Targets

    • Target

      2024-10-03_737fb056093df619a87969db45379c80_poet-rat_snatch

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is the open-source remote-management agent of the MeshCentral project. Because it gives a remote operator full control of the host (shell, file transfer, desktop), it is routinely repurposed as a remote access trojan.

    • Command and Scripting Interpreter: PowerShell (T1059.001)

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (Impair Defenses: Disable or Modify Tools, T1562.001).

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

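The PowerShell exclusion change and the service image path write listed above are the two behaviours a detection engineer would most want to alert on. The block below is an added example written for this page, not code from the sandbox, from this sample or from the MeshAgent project: a small Python detector that runs two rules over constructed event records, PowerShell script-block logging (Event ID 4104) for Add-/Set-MpPreference exclusion changes, and Sysmon registry-value-set events (Event ID 13) for a Services\<name>\ImagePath value pointing outside the usual Windows install roots. The service name "Mesh Agent", the paths and the command line in the sample records are assumptions made for illustration, as is the %SystemRoot% expansion.

```python
"""Detection logic for two behaviours flagged in the report: Defender exclusions added
through PowerShell (T1059.001 -> T1562.001) and a service ImagePath written to the
registry (T1543.003). The sample events at the bottom are constructed for illustration."""
import json
import re
from typing import Dict, List, Optional, Tuple

# Add-MpPreference appends to, and Set-MpPreference replaces, Defender's exclusion lists.
MP_PREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One argument value: single-quoted, double-quoted, or a bare token (no whitespace/comma).
_VALUE = r"(?:'[^']*'|\"[^\"]*\"|[^\s,]+)"
# -ExclusionPath / -ExclusionExtension / -ExclusionProcess followed by a comma-separated list.
EXCLUSION_ARG_RE = re.compile(
    rf"-Exclusion(Path|Extension|Process)\s+({_VALUE}(?:\s*,\s*{_VALUE})*)", re.IGNORECASE
)
VALUE_RE = re.compile(_VALUE)

# Sysmon EID 13 TargetObject for a service binary: ...\Services\<name>\ImagePath
SERVICE_IMAGEPATH_RE = re.compile(r"\\Services\\([^\\]+)\\ImagePath$", re.IGNORECASE)
# Roots where legitimate service binaries normally live (lower-cased for comparison).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def defender_exclusions(script_block: str) -> Dict[str, List[str]]:
    """Return the exclusions set by an Add-/Set-MpPreference call, keyed by kind."""
    if not MP_PREF_RE.search(script_block):
        return {}
    found: Dict[str, List[str]] = {}
    for m in EXCLUSION_ARG_RE.finditer(script_block):
        kind = m.group(1).lower()  # "path", "extension" or "process"
        values = [v.strip("'\"") for v in VALUE_RE.findall(m.group(2))]
        found.setdefault(kind, []).extend(values)
    return found


def suspicious_service_image_path(target_object: str, details: str) -> Optional[Tuple[str, str]]:
    """Return (service, binary) when a Services\\<name>\\ImagePath write points outside TRUSTED_ROOTS."""
    m = SERVICE_IMAGEPATH_RE.search(target_object)
    if not m:
        return None
    image = details.strip()
    # ImagePath may be quoted and may carry arguments, e.g. "C:\dir\x.exe" -run
    if image.startswith('"'):
        end = image.find('"', 1)
        image = image[1:end] if end > 0 else image[1:]
    else:
        image = image.split(" ", 1)[0]
    # Assumption for this example: %SystemRoot% expands to C:\Windows.
    image = image.lower().replace("%systemroot%", "c:\\windows")
    if image.startswith(TRUSTED_ROOTS):
        return None
    return m.group(1), image


def scan(events: List[dict]) -> List[dict]:
    """Run both rules over a list of event records and return the findings."""
    findings: List[dict] = []
    for ev in events:
        if ev.get("EventID") == 4104:  # PowerShell script block logging
            excl = defender_exclusions(ev.get("ScriptBlockText", ""))
            if excl:
                findings.append({"rule": "defender_exclusion_change",
                                 "attack": ["T1059.001", "T1562.001"], "detail": excl})
        elif ev.get("EventID") == 13:  # Sysmon registry value set
            hit = suspicious_service_image_path(ev.get("TargetObject", ""), ev.get("Details", ""))
            if hit:
                findings.append({"rule": "service_imagepath_outside_trusted_roots",
                                 "attack": ["T1543.003"],
                                 "detail": {"service": hit[0], "image": hit[1]}})
    return findings


# Constructed records (not from this sandbox run); the service name and paths are invented.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockText":
        "Add-MpPreference -ExclusionPath 'C:\\ProgramData\\Mesh Agent','C:\\Users\\Public' "
        "-ExclusionExtension exe,dll -ExclusionProcess \"MeshAgent.exe\""},
    {"EventID": 4104, "ScriptBlockText": "Get-MpPreference | Select-Object ExclusionPath"},
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\Mesh Agent\\ImagePath",
     "Details": "\"C:\\ProgramData\\Mesh Agent\\MeshAgent.exe\" -run"},
    {"EventID": 13, "TargetObject": "HKLM\\System\\CurrentControlSet\\Services\\WSearch\\ImagePath",
     "Details": "%SystemRoot%\\system32\\SearchIndexer.exe /Embedding"},
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_EVENTS), indent=2))
```

Two caveats for using this on real telemetry. Event ID 4104 only exists when script block logging is enabled; Defender itself records exclusion changes as Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, which also catches exclusions added without PowerShell. And because this sample also drops a file into the System32 directory, a trusted-root allowlist alone can miss its service binary; pair the ImagePath rule with a check of the binary's hash (the values in the General section above) or its Authenticode signature.
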
MITRE ATT&CK Enterprise v15

Tasks