General

  • Target

    2024-10-07_fdc17481b0e5a9c462c130dd6bc67212_ryuk_sliver

  • Size

    3.3MB

  • MD5

    fdc17481b0e5a9c462c130dd6bc67212

  • SHA1

    97a6265f9f35d2bd448b849e6361e17be2b9c88d

  • SHA256

    e1ed73f0439f6622ff4e355b8000477691c31f8f365d79e45c2866e5a6ae7efa

  • SHA512

    966a6d4aa3ba5c79a236a38b305a19472a8f51c3e87ba6346fa512505e4c417f4598aeb9fcb6af8ee86da0fad05a27aa883fae0f6c6fb73a92c4797689aaa53c

  • SSDEEP

    49152:TX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe/5p:TlRsZ47/QXoHUOfAoj1y/

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

2.8.0.1

C2

http://mesh.updatestore.site:443/agent.ashx

Attributes
  • mesh_id

    0x3B4040E7CB98B32E87243F329F47B7A3BB50EF2FAAA73682331056AA0B26FAFBF379B4DA8EFF5D61A11ED345F0738564

  • server_id

    EEE4FD74C2BAE9C939359E0CCFC3B1253AEE502418CEB032F3177E9D956830466398F1BB58C97EFB598967DC8B3EF0F4

  • wss

    wss://mesh.updatestore.site:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-10-07_fdc17481b0e5a9c462c130dd6bc67212_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476