General

  • Target

    2024-10-07_720d104e116e9dd88706c2811d3a5d2a_ryuk_sliver

  • Size

    3.2MB

  • MD5

    720d104e116e9dd88706c2811d3a5d2a

  • SHA1

    51cacfec57922a86e469ea1e435f362556b10e15

  • SHA256

    e4375ee29ef1c8f9762e3a3bed96422fe10107e29cd010db1a59269946310470

  • SHA512

    1a48f3b088243375a1fa6f4d956d34eed2a1a1eea0593b2a28318ff89dbb09368d2c0bcc459a041427813b9dea45096ba721e5248ec9e675e5fff1d145e45ceb

  • SSDEEP

    49152:e0yAXvucS6SnbZVlxyZH0XAaCx5OX9ZO/xtEfOfzMFvfDTtKjkVE+ubDw8litYOn:Fvg6ClrBCjec+OfAK7DuYOQG

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    Uceda - Jones

  • C2

    http://remote.opennology.com:443/agent.ashx

Attributes
  • mesh_id

    0xC5B4844AD2A9004F5010F044089637485AD4C8785249ECE31CC06CF83F2A34938E0919A292351498100C4CA19CC1AE7D

  • server_id

    CEA0C3AF6448380189838E51FE29C7BDFDCC5A7E86351147799A84708BCD06B563FA9701A30D129D9BAAE972A73B5591

  • wss

    wss://remote.opennology.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-10-07_720d104e116e9dd88706c2811d3a5d2a_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    de9d50d41586565d7f7d04f9c85905a2
