Extracted

• • Target

    2025-03-01_5ce3ead66ddb51cc43046e7b6f721f2f_frostygoop_hijackloader_luca-stealer_poet-rat_sliver_snatch

  • Size

    5.0MB

  • MD5

    5ce3ead66ddb51cc43046e7b6f721f2f

  • SHA1

    7e83431a37bfd8b19571763b398bce16f51d0540

  • SHA256

    e5ba98e89145a8bf4ceb2c55beaf5addc97a739b46f0a9c0c19289003ccf1d52

  • SHA512

    fb90fb93b2d4c967f4dbd0547ba9eff88f73b7d1c4d1397603459a9fdb0cee3be9e254eebe82a5f05d2a8e9d989ec655819cb7120d785ab43a83f6fde72c8f73

  • SSDEEP

    49152:zE9F4wdvDe1rb/TcvO90d7HjmAFd4A64nsfJG5BW7kU2wwuwF5JLEpKSV8Dg3y5O:QdvDeG//z5FYV8cYE5+ecE

  Score

  10^/10

  meshagenttacticalrmmbackdoordefense_evasiondiscoveryexecutionpersistenceprivilege_escalationrattrojan

  • Detects MeshAgent payload

  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

    rattrojanbackdoormeshagent

  • Meshagent family

    meshagent

  • Blocklisted process makes network request

  • Modifies Windows Firewall

    defense_evasion

  • Sets service image path in registry

    persistence

  • Stops running service(s)

    defense_evasionexecution

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Power Settings

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2