General

  • Target

    2024-09-24_c8cbf412750050248d0e69d9442bd1ca_ryuk_sliver

  • Size

    3.3MB

  • MD5

    c8cbf412750050248d0e69d9442bd1ca

  • SHA1

    c74ba0888cc19ab0e37be51fdf776742ec612a7c

  • SHA256

    8adfe9b991e29cb3b8d17e458c19bc735e6bbb332588c930987e4e9c76ee54ec

  • SHA512

    0043c2c69fac9c8aa3cda1915e045cff18184a273e8e70de03ee638afc683c351ec961d239ce946a87fd9fc6184b8adaeb5b88e087261f3e4a7f2c1cc5efcdff

  • SSDEEP

    49152:xX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QC:xlRsZ47/QXoHUOfAoj1x6C

Score

10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.doubehi.xyz:443/agent.ashx

Attributes

  • mesh_id

    0xB8005B1CF6A6ED1837D5685521C545B4B0FF534D9B9663E98B17378BBE1543E4310011C6E0ECD0CB2CF824A55D575540

  • server_id

    88A6C524BB5954DBFF1163A381199A301EAD8865F5B3CA30751FE615CC9EBFE97880DE50059BB9DCCD3882387735BE30

  • wss

    wss://mesh.doubehi.xyz:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-09-24_c8cbf412750050248d0e69d9442bd1ca_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476