General
-
Target
2025-06-04_b7104eb69317dea5fe78d0d2df95baf1_cobalt-strike_frostygoop_luca-stealer_poet-rat_sliver_snatch
-
Size
5.0MB
-
Sample
250604-l7mgnafq8z
-
MD5
b7104eb69317dea5fe78d0d2df95baf1
-
SHA1
97337e5f26b8199f7968295fd1fe1e57a5e60079
-
SHA256
68f7ebe0cb50a329fb2680151c4ea9b66ff13ea4e8df2abcd680ecf7ffedffd8
-
SHA512
3a3e7388f176cb6692108034e2f28f65f6790312885e89aed5eb72b3dd8447aace7be877cf12e41b2add9b2460657bdaf471d9c03fd6761fa15b9d36ed842523
-
SSDEEP
49152:zgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5ZY:84e4uPpVm6gTVGIO7DfEu+eJ
Static task
static1
Behavioral task
behavioral1
Sample
2025-06-04_b7104eb69317dea5fe78d0d2df95baf1_cobalt-strike_frostygoop_luca-stealer_poet-rat_sliver_snatch.exe
Resource
win10v2004-20250502-en
Malware Config
Extracted
meshagent
2
TacticalRMM
http://mesh.pchelper.ru:443/agent.ashx
-
mesh_id
0x43CCE4DD140774A1474B9BCCF100432C7AB1B31DAA58E3CB472C7055685FC704BBE67FFDA1C77B0FD931FABC6DC3D23B
-
server_id
B9576B568DE61B6A40634A6BDFB57FC7ABBBE76BAECBAFF8752567A2B8130AF2E8D3AA8973BC0178454AADFDD748DF03
-
wss
wss://mesh.pchelper.ru:443/agent.ashx
Targets
-
-
Target
2025-06-04_b7104eb69317dea5fe78d0d2df95baf1_cobalt-strike_frostygoop_luca-stealer_poet-rat_sliver_snatch
-
Size
5.0MB
-
MD5
b7104eb69317dea5fe78d0d2df95baf1
-
SHA1
97337e5f26b8199f7968295fd1fe1e57a5e60079
-
SHA256
68f7ebe0cb50a329fb2680151c4ea9b66ff13ea4e8df2abcd680ecf7ffedffd8
-
SHA512
3a3e7388f176cb6692108034e2f28f65f6790312885e89aed5eb72b3dd8447aace7be877cf12e41b2add9b2460657bdaf471d9c03fd6761fa15b9d36ed842523
-
SSDEEP
49152:zgvUDWv4e4uPpV1wrb/T8vO90d7HjmAFd4A64nsfJJKyutrDb4HGw1lfVGlJS5ZY:84e4uPpVm6gTVGIO7DfEu+eJ
-
Detects MeshAgent payload
-
Meshagent family
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1