Extracted

Extracted

• • Target

    2025-01-25_4c63b362b73a36e9410738b9f81428ef_frostygoop_hijackloader_luca-stealer_poet-rat_snatch

  • Size

    5.0MB

  • MD5

    4c63b362b73a36e9410738b9f81428ef

  • SHA1

    32824d470f193773e515870c9d3cf8dfa076b2a6

  • SHA256

    a9fcd874776f3f25782f85303cec11ac2c2e599d05e3d8a3ec3cb5e253bf7d12

  • SHA512

    17715f6600d44747bf22f4960256d33b4c3e6eb6192f24ad09207023870182b0c72a14851afb36d99f20e94ca646717a6fd9c7021b12a579a2585f06c0d02b64

  • SSDEEP

    49152:wRg0nHs3wQuuhrb/T8vO90d7HjmAFd4A64nsfJoRLvXW4uyRcH5g3ZCNUgxocMCF:b3wQuu81n256dgxtrE7+eGt

  Score

  10^/10

  meshagenttacticalrmmbackdoordefense_evasiondiscoveryexecutionpersistencerattrojanprivilege_escalation

  • Detects MeshAgent payload

  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

    rattrojanbackdoormeshagent

  • Meshagent family

    meshagent

  • Blocklisted process makes network request

  • Creates new service(s)

    persistenceexecution

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    defense_evasion

  • Modifies service settings

    Alters the configuration of existing services.

    defense_evasion

  • Sets service image path in registry

    persistence

  • Stops running service(s)

    defense_evasionexecution

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2