Extracted

• • Target

    2025-01-29_55b354dd9503dd9a7bff3de9f96ee52a_frostygoop_luca-stealer_poet-rat_snatch

  • Size

    5.0MB

  • MD5

    55b354dd9503dd9a7bff3de9f96ee52a

  • SHA1

    ad2e596cd9dc776edd3ba4699d19188453218565

  • SHA256

    38b7ec0dd83e467faba04fec4f610f3a30e38d9c9b38a10fad4fdf1dd9e21769

  • SHA512

    02c041e14309d7bd285e10ddb562bbb35335784c313898540cb66055cde1c41916d69d167de0ca3ec266aa3aa4c362fcf6cf4e13e7b4bd977c4e1d5ee5d11d6f

  • SSDEEP

    49152:mgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGdJS5BA:x4e4uPpVW6gTVegO7DfE8+eNB

  Score

  10^/10

  meshagenttacticalrmmbackdoordefense_evasiondiscoveryexecutionpersistencerattrojan

  • Detects MeshAgent payload

  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

    rattrojanbackdoormeshagent

  • Meshagent family

    meshagent

  • Blocklisted process makes network request

  • Sets service image path in registry

    persistence

  • Stops running service(s)

    defense_evasionexecution

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops file in System32 directory

  behavioral1behavioral2