General
-
Target
2024-10-12_8fd2994edebc3a3ddde2a14b3f5c4183_hijackloader_poet-rat_snatch
-
Size
10.1MB
-
Sample
241012-hv884syhqh
-
MD5
8fd2994edebc3a3ddde2a14b3f5c4183
-
SHA1
51b0c1f0e5d9a1486ee49bf25e544e626a5c86c0
-
SHA256
c4c71ad59b09f47d5d8c1f1ba54a358d1793706f00651867fb171e8f4d2912b4
-
SHA512
62620e6d802471ae663c89916f12fd3b68931cb141d80dc2444129f2d1b3f56a9a1630028d18ea08c6c8a595538bf114d24cb56269812f8bfd3c06c3ec1464eb
-
SSDEEP
196608:9RFHibb0Dpz7Omna1cCwvylAjWZ0Xq9YLuxMfCVb2XGh22KNL7P+wherA+O7f:tibgDpz7TnaqtvylAjWZ0Xq9YLuxMfC4
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-12_8fd2994edebc3a3ddde2a14b3f5c4183_hijackloader_poet-rat_snatch.exe
Resource
win7-20240903-en
Malware Config
Targets
-
-
Target
2024-10-12_8fd2994edebc3a3ddde2a14b3f5c4183_hijackloader_poet-rat_snatch
-
Detects MeshAgent payload
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-