General
-
Target
2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch
-
Size
14.5MB
-
Sample
241022-dqjenstdma
-
MD5
9d69443400acb97361efa9cf8e17f3ec
-
SHA1
2ac173ad00b5d38e2bc9478131f1cdb179b72e97
-
SHA256
d2f04edeffe112dabe2da967ffed766eeb4fbcedc6d193b28954fb3c035b5668
-
SHA512
91fad4044d8ce4343b716fdbf459223644ca4964f8768b9098d391699a40d76f00c97953cae69651765c19c998b0fb6effd0450e1fbb059bb6bd419afdeda665
-
SSDEEP
393216:QibEDlz7snaqtvylAjWZ0Xq9YLuxMfCVb2Xc2ZNLj+waARY:QibIlshtvylAjWZ0Xq9YLuxMfCVKs2jm
Malware Config
Targets
-
-
Target
2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch
-
Size
14.5MB
-
MD5
9d69443400acb97361efa9cf8e17f3ec
-
SHA1
2ac173ad00b5d38e2bc9478131f1cdb179b72e97
-
SHA256
d2f04edeffe112dabe2da967ffed766eeb4fbcedc6d193b28954fb3c035b5668
-
SHA512
91fad4044d8ce4343b716fdbf459223644ca4964f8768b9098d391699a40d76f00c97953cae69651765c19c998b0fb6effd0450e1fbb059bb6bd419afdeda665
-
SSDEEP
393216:QibEDlz7snaqtvylAjWZ0Xq9YLuxMfCVb2Xc2ZNLj+waARY:QibIlshtvylAjWZ0Xq9YLuxMfCVKs2jm
Score10/10-
Detects MeshAgent payload
-
MeshAgent
MeshAgent is an open source remote access trojan written in C++.
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Downloads MZ/PE file
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-