General

  • Target

    2024-10-12_8fd2994edebc3a3ddde2a14b3f5c4183_hijackloader_poet-rat_snatch

  • Size

    10.1MB

  • Sample

    241012-hv884syhqh

  • MD5

    8fd2994edebc3a3ddde2a14b3f5c4183

  • SHA1

    51b0c1f0e5d9a1486ee49bf25e544e626a5c86c0

  • SHA256

    c4c71ad59b09f47d5d8c1f1ba54a358d1793706f00651867fb171e8f4d2912b4

  • SHA512

    62620e6d802471ae663c89916f12fd3b68931cb141d80dc2444129f2d1b3f56a9a1630028d18ea08c6c8a595538bf114d24cb56269812f8bfd3c06c3ec1464eb

  • SSDEEP

    196608:9RFHibb0Dpz7Omna1cCwvylAjWZ0Xq9YLuxMfCVb2XGh22KNL7P+wherA+O7f:tibgDpz7TnaqtvylAjWZ0Xq9YLuxMfC4

Malware Config

Targets

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open source remote access trojan written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Downloads MZ/PE file

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks