General
- Target: 2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch
- Size: 14.5MB
- Sample: 241022-dqjenstdma
- MD5: 9d69443400acb97361efa9cf8e17f3ec
- SHA1: 2ac173ad00b5d38e2bc9478131f1cdb179b72e97
- SHA256: d2f04edeffe112dabe2da967ffed766eeb4fbcedc6d193b28954fb3c035b5668
- SHA512: 91fad4044d8ce4343b716fdbf459223644ca4964f8768b9098d391699a40d76f00c97953cae69651765c19c998b0fb6effd0450e1fbb059bb6bd419afdeda665
- SSDEEP: 393216:QibEDlz7snaqtvylAjWZ0Xq9YLuxMfCVb2Xc2ZNLj+waARY:QibIlshtvylAjWZ0Xq9YLuxMfCVKs2jm
Static task: static1
Behavioral task: behavioral1
- Sample: 2024-10-22_9d69443400acb97361efa9cf8e17f3ec_hijackloader_poet-rat_snatch.exe
- Resource: win7-20240903-en
Malware Config
Targets
- Detects MeshAgent payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets service image path in registry
- Executes dropped EXE
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory