Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://bazaar.abuse...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://bazaar.abuse.ch/download/db8174175cec245f15f117503fd9e178307fb3763ea7e2e47541e80bfc953746

  • Sample

    241105-fk1g4sxndk

Score
10/10
meshagentworkgroup-09/28/2024backdoordiscoverypersistencerattrojan

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

workgroup-09/28/2024

C2

http://94.232.43.185:443/agent.ashx

Attributes
  • mesh_id

    0xEE6F1C863FB7C6EF842533D34533A6378D918D5227918D7E0A0D32295A4DB86E517627EC63E43107A992624908FEFE63

  • server_id

    2BD4C9024778AB65C894FE006870F2822FD2EE492C09B410A85E50D4766668DCFF3ACA2B8AEFE4104B0ACC243B51B701

  • wss

    wss://94.232.43.185:443/agent.ashx

Targets

    • Target

      https://bazaar.abuse.ch/download/db8174175cec245f15f117503fd9e178307fb3763ea7e2e47541e80bfc953746

    Score
    10/10
    meshagentworkgroup-09/28/2024backdoordiscoverypersistencerattrojan

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open source remote access trojan written in C++.

      rattrojanbackdoormeshagent

    • Meshagent family

      meshagent

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks