meshagent | 0b0d9c1903a01a53de9a650226d2c2047cbe2d3e28378f2b7ae0647cbf57f190 | Triage

Sharing

General

Target

meshagent64-test.exe
Size

3.3MB
Sample

250319-y5me4avr18
MD5

d47cb95c80fcf6c6059fcfae49577cef
SHA1

4a591e9763f51b0b8f69c69d91100ddc19a71cb8
SHA256

0b0d9c1903a01a53de9a650226d2c2047cbe2d3e28378f2b7ae0647cbf57f190
SHA512

451ec3b2d6d3c4567c888d11e18eeeb43268b7316e1d9b6f169f049b32a3d0858f83648dbf452e1f8db71ad3b4371736a30a15cdddb2ed6b56396770ac9eb4e9
SSDEEP

49152:9dZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5bq:/HvfGfZvZj1/N/z/owJq

Score

10^/10

meshagent test backdoor discovery persistence rat trojan

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

test

Attributes

mesh_id
0xBAAC9AE409F4814112B0BCB6CEC1BB2060FF988AAC5B1EBC37305F946B7DD19682DAA25FE0EA403C76A50EC593316E5F
server_id
6BCD039A3454760E09EE7BFA6EB2A0F65A5F903D90EBA25FEA531F167630DF6B89F39F9E1CEF9D75CAD4B57AC61E0644
wss
localhost

Targets

- Target
  
  meshagent64-test.exe
- Size
  
  3.3MB
- MD5
  
  d47cb95c80fcf6c6059fcfae49577cef
- SHA1
  
  4a591e9763f51b0b8f69c69d91100ddc19a71cb8
- SHA256
  
  0b0d9c1903a01a53de9a650226d2c2047cbe2d3e28378f2b7ae0647cbf57f190
- SHA512
  
  451ec3b2d6d3c4567c888d11e18eeeb43268b7316e1d9b6f169f049b32a3d0858f83648dbf452e1f8db71ad3b4371736a30a15cdddb2ed6b56396770ac9eb4e9
- SSDEEP
  
  49152:9dZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5bq:/HvfGfZvZj1/N/z/owJq
Score

10^/10

meshagent test backdoor discovery persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meshagenttestbackdoordiscoverypersistencerattrojan

behavioral2