meshagent | hxxps://www[.]youtude[.]net/watch?v=i50wel2lVsw | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

1

https://www.youtude....

windows10-2004-x64

Sharing

General

Target

https://www.youtude.net/watch?v=i50wel2lVsw
Sample

250409-t7h38sw1gz

Score

10^/10

meshagent clickfix backdoor discovery execution persistence rat trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://www.youtude.net/watch?v=i50wel2lVsw

Resource

win10v2004-20250314-en

meshagent clickfix backdoor discovery execution persistence rat trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

clickfix

C2

http://aaso12.duckdns.org:443/agent.ashx

Attributes

mesh_id
0x950AE7E094D02F632FBC73D5C2419AAC81F9563B8A37915670D8453B94FB3DA11961008E153469470F365ACD78AB3512
server_id
22F126392DFCD804B6AF755F256A707D53ED8D200650E6BC853C95860F21B6B7049AF4EBEAB393E6EE1A9315B396BFC8
wss
wss://aaso12.duckdns.org:443/agent.ashx

Targets

- Target
  
  https://www.youtude.net/watch?v=i50wel2lVsw
Score

10^/10

meshagent clickfix backdoor discovery execution persistence rat trojan
- Detects MeshAgent payload
- MeshAgent
  MeshAgent is an open source remote access trojan written in C++.
  rat trojan backdoor meshagent
- Meshagent family
  meshagent
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

meshagentclickfixbackdoordiscoveryexecutionpersistencerattrojan

© 2018-2025

Terms | Privacy