General
-
Target
2024-10-03_737fb056093df619a87969db45379c80_poet-rat_snatch
-
Size
10.5MB
-
Sample
241003-a3v3fsvhkn
-
MD5
737fb056093df619a87969db45379c80
-
SHA1
82702168b2cffe8c88405b4cb9f6ddf67e0997da
-
SHA256
e1a2f6f904d28fe6d650536a835e2f505ed865d24e9cbcf7008dd7ad3269221f
-
SHA512
1d1a398301e52f1660ce770fa9ddcf25b114e003ef5d9e5b83719af5a6f0158a1ac57536c403a9d89f0a8908f16ef471115b39e67e38f525fd9a0031dfd439ae
-
SSDEEP
98304:UW3DPzlu4JkukPMoej+ZDLbE5wDMrd+s71Kq:LD7lu4JgMoejoLI5wQMU
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-03_737fb056093df619a87969db45379c80_poet-rat_snatch.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Target
2024-10-03_737fb056093df619a87969db45379c80_poet-rat_snatch
-
Detects MeshAgent payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-