Extracted

• • Target

    2025-01-23_9f36830d3f867d37d3edd55800ef1677_frostygoop_hijackloader_luca-stealer_poet-rat_snatch

  • Size

    5.0MB

  • MD5

    9f36830d3f867d37d3edd55800ef1677

  • SHA1

    1d7a79e3a08ce71954416c2cd09ae3c01af082d0

  • SHA256

    16c3ce54c980ffb165d60fb3e4b35e4d5f0c8b8624715f07d11cf460d58e4eb6

  • SHA512

    ee9978bbcf20e6c873a692a1c2d9d2ecf8e95c044c60731d9f4805692718091fd0b84cf88dda436fd9b9e7eab25c1f6c54ec72894cc4840d1744554006e917a8

  • SSDEEP

    49152:cRg0nHQi1uuVvrb/T8vO90d7HjmAFd4A64nsfJWl6OEch34Vx9n5ov0IrQszVS5n:Xi1uuVQEpf5qusz8GEn+eAI

  Score

  10^/10

  meshagenttacticalrmmbackdoordefense_evasiondiscoveryexecutionpersistencerattrojan

  • Detects MeshAgent payload

  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

    rattrojanbackdoormeshagent

  • Meshagent family

    meshagent

  • Blocklisted process makes network request

  • Sets service image path in registry

    persistence

  • Stops running service(s)

    defense_evasionexecution

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2