meshagent | 354578664bb1086e7d9193fdd0374eda91bfed1546ca7325706a52a1a8d601f6 | Triage

Sharing

General

Target

2024-11-11_42867209afb0cd3511bb6e8091ebc90f_frostygoop_luca-stealer_poet-rat_snatch
Size

7.1MB
Sample

241112-aawhhsypas
MD5

42867209afb0cd3511bb6e8091ebc90f
SHA1

ae01caa6c329082baca3633e5189f018f6e64b31
SHA256

354578664bb1086e7d9193fdd0374eda91bfed1546ca7325706a52a1a8d601f6
SHA512

e6484b2e328e63066de87fb03d26f5b49456463705e396b2875525d508e62f4c64344c519a0834a2881672a8494650d6bfc162e137eb19cc2a8c62aa39d2c2ad
SSDEEP

98304:SA47lMQl5tHuC+EoZEdA9rYmBprCfmzsDzs1lMI6jQ:SLMQl5kko7zXsKsvsDSQ

Score

10^/10

meshagent backdoor discovery execution persistence rat trojan

Malware Config

Targets

- Target
  
  2024-11-11_42867209afb0cd3511bb6e8091ebc90f_frostygoop_luca-stealer_poet-rat_snatch
- Size
  
  7.1MB
- MD5
  
  42867209afb0cd3511bb6e8091ebc90f
- SHA1
  
  ae01caa6c329082baca3633e5189f018f6e64b31
- SHA256
  
  354578664bb1086e7d9193fdd0374eda91bfed1546ca7325706a52a1a8d601f6
- SHA512
  
  e6484b2e328e63066de87fb03d26f5b49456463705e396b2875525d508e62f4c64344c519a0834a2881672a8494650d6bfc162e137eb19cc2a8c62aa39d2c2ad
- SSDEEP
  
  98304:SA47lMQl5tHuC+EoZEdA9rYmBprCfmzsDzs1lMI6jQ:SLMQl5kko7zXsKsvsDSQ
Score

10^/10

meshagent backdoor discovery execution persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

meshagentbackdoordiscoveryexecutionpersistencerattrojan