meshagent | ae283e92827c85e5dcf6bbd837ade5fa77b3372b164a21148de99c77a4dbfce9 | Triage

Sharing

General

Target

meshagent64-test (3).exe
Size

3.3MB
Sample

250319-z9d5ysxm14
MD5

fa15b312bb0e5999a2d818f8a4baf0bc
SHA1

f874d91384cfa3bacaaaa33fc1cc6444e007c891
SHA256

ae283e92827c85e5dcf6bbd837ade5fa77b3372b164a21148de99c77a4dbfce9
SHA512

7d0ea6117857331ebe4c98048e84200490423477f884e8c3ea79f34b69ccbb5bdca2178660eb49bcc208e3811642770f2cc57abdbb670c8a0a05b7abdfd785c9
SSDEEP

49152:PdZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5b4:1HvfGfZvZj1/N/z/owJ4

Score

10^/10

meshagent test backdoor discovery persistence rat trojan

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

test

Attributes

mesh_id
0xBAAC9AE409F4814112B0BCB6CEC1BB2060FF988AAC5B1EBC37305F946B7DD19682DAA25FE0EA403C76A50EC593316E5F
server_id
6BCD039A3454760E09EE7BFA6EB2A0F65A5F903D90EBA25FEA531F167630DF6B89F39F9E1CEF9D75CAD4B57AC61E0644
wss
localhost

Targets

- Target
  
  meshagent64-test (3).exe
- Size
  
  3.3MB
- MD5
  
  fa15b312bb0e5999a2d818f8a4baf0bc
- SHA1
  
  f874d91384cfa3bacaaaa33fc1cc6444e007c891
- SHA256
  
  ae283e92827c85e5dcf6bbd837ade5fa77b3372b164a21148de99c77a4dbfce9
- SHA512
  
  7d0ea6117857331ebe4c98048e84200490423477f884e8c3ea79f34b69ccbb5bdca2178660eb49bcc208e3811642770f2cc57abdbb670c8a0a05b7abdfd785c9
- SSDEEP
  
  49152:PdZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5b4:1HvfGfZvZj1/N/z/owJ4
Score

10^/10

meshagent test backdoor discovery persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

meshagenttestbackdoordiscoverypersistencerattrojan