General
-
Target
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe
-
Size
1.8MB
-
Sample
240925-c71jvazhkr
-
MD5
749bd6bf56a6d0ad6a8a4e5712377555
-
SHA1
6e4ff640a527ed497505c402d1e7bdb26f3dd472
-
SHA256
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3
-
SHA512
250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d
-
SSDEEP
49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo
Behavioral task
behavioral1
Sample
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
meshagent32-group.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
meshagent32-group.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
meshagent
2
group
http://94.131.119.184:443/agent.ashx
-
mesh_id
0x1BB80B7BD3F37219BF6F79BEE0A08A00B90168972309CA4BFD812814A9F980439E71B51CC08CC59D904B5AED18647DD0
-
server_id
B13800B3094163CC81EA68335E6D9A9B98350B3D697F92D49A06C6ADC9519150B766816EBC90ED105D4749F3F47F60B6
-
wss
wss://94.131.119.184:443/agent.ashx
Targets
-
-
Target
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3.exe
-
Size
1.8MB
-
MD5
749bd6bf56a6d0ad6a8a4e5712377555
-
SHA1
6e4ff640a527ed497505c402d1e7bdb26f3dd472
-
SHA256
e6148c7e8cec3a4565e97a139d2b09dbdf2f30460054fa168624fdc1050421d3
-
SHA512
250f1825f5d2577124606818a8c370bb862d74dfebddd8c25ec2b43448626b583e166e101f65ebe12b66b8767af7ad75a8d9f5a3afd4e10f4dd3e6239efe9a7d
-
SSDEEP
49152:UkQletNpj4NmwF1tBE6BAfTm9k9MJsuAfChboFtcZo:UFletXjoD1tBEc90XCo6Zo
-
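Detects MeshAgent payload
MeshAgent is the endpoint agent of the MeshCentral remote-management platform; the extracted configuration above lists the server this build connects to.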
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
-
-
Target
meshagent32-group.exe
-
Size
3.7MB
-
MD5
e8bd5c14b8301039e7538298d26cf09b
-
SHA1
4702252fef2156b59ad61f1f397b205323b339c4
-
SHA256
f32426d0fc71a3a054f0fe263133aabeb25c9d7d129238cfcfc0c1a40854c67e
-
SHA512
7108e6379e9e2698dbac52549b5fc81d7b3c5bb02d4d3574b7be9e8ab9f6f473513e651c1ce0809d74273f02e837c36032666f739c05b71fa732899360b77cee
-
SSDEEP
49152:G8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5QpE:G8o8VOUs9joRbMc2tSW6q
Score 3/10