General

  • Target

    2024-09-24_c8cbf412750050248d0e69d9442bd1ca_ryuk_sliver

  • Size

    3.3MB

  • Sample

    240924-j9seksxcpm

  • MD5

    c8cbf412750050248d0e69d9442bd1ca

  • SHA1

    c74ba0888cc19ab0e37be51fdf776742ec612a7c

  • SHA256

    8adfe9b991e29cb3b8d17e458c19bc735e6bbb332588c930987e4e9c76ee54ec

  • SHA512

    0043c2c69fac9c8aa3cda1915e045cff18184a273e8e70de03ee638afc683c351ec961d239ce946a87fd9fc6184b8adaeb5b88e087261f3e4a7f2c1cc5efcdff

  • SSDEEP

    49152:xX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QC:xlRsZ47/QXoHUOfAoj1x6C

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.doubehi.xyz:443/agent.ashx

Attributes
  • mesh_id

    0xB8005B1CF6A6ED1837D5685521C545B4B0FF534D9B9663E98B17378BBE1543E4310011C6E0ECD0CB2CF824A55D575540

  • server_id

    88A6C524BB5954DBFF1163A381199A301EAD8865F5B3CA30751FE615CC9EBFE97880DE50059BB9DCCD3882387735BE30

  • wss

    wss://mesh.doubehi.xyz:443/agent.ashx

Targets

    • Target

      2024-09-24_c8cbf412750050248d0e69d9442bd1ca_ryuk_sliver

    Score
    1/10
