General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    240924-tf86casbjn

  • MD5

    749bd6bf56a6d0ad6a8a4e5712377555

  • SHA1

    6e4ff640a527ed497505c402d1e7bdb26f3dd472

  • SHA256

    e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3

  • SHA512

    250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d

  • SSDEEP

    49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    group

  • C2

    http://94.131.119.184:443/agent.ashx

Attributes

  • mesh_id

    0x1BB80B7BD3F37219BF6F79BEE0A08A00B90168972309CA4BFD812814A9F980439E71B51CC08CC59D904B5AED18647DD0

  • server_id

    B13800B3094163CC81EA68335E6D9A9B98350B3D697F92D49A06C6ADC9519150B766816EBC90ED105D4749F3F47F60B6

  • wss

    wss://94.131.119.184:443/agent.ashx

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      749bd6bf56a6d0ad6a8a4e5712377555

    • SHA1

      6e4ff640a527ed497505c402d1e7bdb26f3dd472

    • SHA256

      e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3

    • SHA512

      250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d

    • SSDEEP

      49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open-source remote access trojan written in C++.

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      meshagent32-group.exe

    • Size

      3.7MB

    • MD5

      e8bd5c14b8301039e7538298d26cf09b

    • SHA1

      4702252fef2156b59ad61f1f397b205323b339c4

    • SHA256

      f32426d0fc71a3a054f0fe263133aabeb25c9d7d129238cfcfc0c1a40854c67e

    • SHA512

      7108e6379e9e2698dbac52549b5fc81d7b3c5bb02d4d3574b7be9e8ab9f6f473513e651c1ce0809d74273f02e837c36032666f739c05b71fa732899360b77cee

    • SSDEEP

      49152:G8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5QpE:G8o8VOUs9joRbMc2tSW6q

    Score
    3/10
