meshagent | 902366956f09f5021931f8793b1995fb9b89a0dcc1661e9eef635981fcd7d837 | Triage

Sharing

General

Target

2024-11-07_b4c5da2d9e9767bc6d84a33eeb480a3e_frostygoop_luca-stealer_poet-rat_snatch
Size

7.1MB
Sample

241107-ednpasveke
MD5

b4c5da2d9e9767bc6d84a33eeb480a3e
SHA1

fc24548dcb1183a69df74a42f9606a5c08e03d7d
SHA256

902366956f09f5021931f8793b1995fb9b89a0dcc1661e9eef635981fcd7d837
SHA512

5ddcb4c3073c576818e94b843fa0ee43e8c27cbe42aaa0b4452fb5e5ab5aae1127fff5aa4bb0ace3159235f7fafab7d22a5a4fcb8eaec6e22e99b5323a4b6cac
SSDEEP

98304:l5vITH2Tl6nlx9yE2jEdT95X+HqV/6asoCaRN1lMI6jQ:lcH2Tl6h26jONasoCafDSQ

Score

10^/10

meshagent backdoor discovery execution persistence rat trojan

Malware Config

Targets

- Target
  
  2024-11-07_b4c5da2d9e9767bc6d84a33eeb480a3e_frostygoop_luca-stealer_poet-rat_snatch
- Size
  
  7.1MB
- MD5
  
  b4c5da2d9e9767bc6d84a33eeb480a3e
- SHA1
  
  fc24548dcb1183a69df74a42f9606a5c08e03d7d
- SHA256
  
  902366956f09f5021931f8793b1995fb9b89a0dcc1661e9eef635981fcd7d837
- SHA512
  
  5ddcb4c3073c576818e94b843fa0ee43e8c27cbe42aaa0b4452fb5e5ab5aae1127fff5aa4bb0ace3159235f7fafab7d22a5a4fcb8eaec6e22e99b5323a4b6cac
- SSDEEP
  
  98304:l5vITH2Tl6nlx9yE2jEdT95X+HqV/6asoCaRN1lMI6jQ:lcH2Tl6h26jONasoCafDSQ
Score

10^/10

meshagent backdoor discovery execution persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meshagentbackdoordiscoveryexecutionpersistencerattrojan