meshagent | 0c734b30df8049aba666a808f802c5daf9bbde44c05048fd6ed1a120fd351c59 | Triage

Sharing

General

Target

azd.exe
Size

4.5MB
Sample

250110-rlgbeawpdx
MD5

f65b789211ab3821e1864f01bc9cacb3
SHA1

b5ac7b515e839a06844a39a5218b4e10d5513c39
SHA256

0c734b30df8049aba666a808f802c5daf9bbde44c05048fd6ed1a120fd351c59
SHA512

da134992d45e3ee76d69b6f6dcb05c0eec4f56d183bc4a3374d5543c5f6c9ad9be51fee5a9989b505d278767f54024789765430b97b550e57b715eaa7cf29c81
SSDEEP

49152:rX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QJvj:rlRsZ47/QXoHUOfAoj1x6l

Score

10^/10

meshagent test backdoor discovery persistence rat trojan

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Test

Attributes

mesh_id
0x8CB76603DCB9DA0DB5FB70A9571D978892BFE179ADA4BC14DF6C2F1EA1400A4762425981946F04C44AEC17BC68DF3097
server_id
5CBB4140F1C76ABA247DA39131969AD78837692B03E9B5DFCF7ACE025E18FF9408A258EAB9F2ADA2AE954901D5CDABB6
wss
localhost

Targets

- Target
  
  azd.exe
- Size
  
  4.5MB
- MD5
  
  f65b789211ab3821e1864f01bc9cacb3
- SHA1
  
  b5ac7b515e839a06844a39a5218b4e10d5513c39
- SHA256
  
  0c734b30df8049aba666a808f802c5daf9bbde44c05048fd6ed1a120fd351c59
- SHA512
  
  da134992d45e3ee76d69b6f6dcb05c0eec4f56d183bc4a3374d5543c5f6c9ad9be51fee5a9989b505d278767f54024789765430b97b550e57b715eaa7cf29c81
- SSDEEP
  
  49152:rX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QJvj:rlRsZ47/QXoHUOfAoj1x6l
Score

10^/10

meshagent test backdoor discovery persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meshagenttestbackdoordiscoverypersistencerattrojan

behavioral2