Extracted

• • Target

    meshagent64-test (1).exe

  • Size

    3.3MB

  • MD5

    36dd1f52808bc6c95b104ca4b74c8e6a

  • SHA1

    9814398ab1fa76d18952c3e591bc173deb397e9f

  • SHA256

    f93fda1b2b185a95ee069081e42a58f6cc8d105c0b859696b67db00967a835f7

  • SHA512

    a2f765f34a610059e741faa296ff9699b2b87af23df90824eacf2af337e26b80883c2bf6080bfaad3b4eb5f2a58bce765832d1c09064f042ce21d05677c41ba9

  • SSDEEP

    49152:YdZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5bo:cHvfGfZvZj1/N/z/owJo

  Score

  10^/10

  meshagenttestbackdoordiscoverypersistencerattrojan

  • Detects MeshAgent payload

  • MeshAgent

    MeshAgent is an open source remote access trojan written in C++.

    rattrojanbackdoormeshagent

  • Meshagent family

    meshagent

  • Sets service image path in registry

    persistence

  • Executes dropped EXE

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2