General

  • Target

    2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch

  • Size

    14.5MB

  • Sample

    241022-dqjenstdma

  • MD5

    9d69443400acb97361efa9cf8e17f3ec

  • SHA1

    2ac173ad00b5d38e2bc9478131f1cdb179b72e97

  • SHA256

    d2f04edeffe112dabe2da967ffed766eeb4fbcedc6d193b28954fb3c035b5668

  • SHA512

    91fad4044d8ce4343b716fdbf459223644ca4964f8768b9098d391699a40d76f00c97953cae69651765c19c998b0fb6effd0450e1fbb059bb6bd419afdeda665

  • SSDEEP

    393216:QibEDlz7snaqtvylAjWZ0Xq9YLuxMfCVb2Xc2ZNLj+waARY:QibIlshtvylAjWZ0Xq9YLuxMfCVKs2jm

Malware Config

Targets

    • Target

      2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch

    • Size

      14.5MB

    • MD5

      9d69443400acb97361efa9cf8e17f3ec

    • SHA1

      2ac173ad00b5d38e2bc9478131f1cdb179b72e97

    • SHA256

      d2f04edeffe112dabe2da967ffed766eeb4fbcedc6d193b28954fb3c035b5668

    • SHA512

      91fad4044d8ce4343b716fdbf459223644ca4964f8768b9098d391699a40d76f00c97953cae69651765c19c998b0fb6effd0450e1fbb059bb6bd419afdeda665

    • SSDEEP

      393216:QibEDlz7snaqtvylAjWZ0Xq9YLuxMfCVb2Xc2ZNLj+waARY:QibIlshtvylAjWZ0Xq9YLuxMfCVKs2jm

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open source remote access trojan written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Downloads MZ/PE file

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks