General

  • Target

    2024-10-02_0262a2cfe6b45110ce50f94340c1a53e_ryuk_sliver

  • Size

    3.3MB

  • MD5

    0262a2cfe6b45110ce50f94340c1a53e

  • SHA1

    d958f0211c043ee165ef35a5ed51030b09665c2c

  • SHA256

    2169341de3ef549f9af76cf0964196226d78f6821197352db3bc83adeb4b025a

  • SHA512

    1c346cdd700fdf233d7fd71be982da5937414bd52ba82a78aaf35bbf5818b8501de71ba17dace2cf5fee7a1799f1e4969439323f812b5c70a5e14076308b46f8

  • SSDEEP

    49152:5X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQet5o:5lRsZ47/QXoHUOfAoj14W

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

robin

C2

http://exam.webipv.com:443/agent.ashx

Attributes
  • mesh_id

    0x382C0DCF945669BFC685AF8EA9F64433CE7F4310090E99F518EB42E95EE0100E17A121155CB98D7C24043265472748BF

  • server_id

    C548A56198204AA58B1B935B7C94DEC937F526F4D95BA9A934173D49C789C88C656BEC078BE602DD32033D07A44BF5E2

  • wss

    wss://exam.webipv.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-10-02_0262a2cfe6b45110ce50f94340c1a53e_ryuk_sliver
    Type: .exe, windows:6, windows x64, arch:x64

    fb0a8b4a81655f744a37af985e009476
