General

  • Target

    2024-10-08_d53ac23694f1aee8034331524b024832_ryuk_sliver

  • Size

    3.0MB

  • MD5

    d53ac23694f1aee8034331524b024832

  • SHA1

    cac113c522b5d9817ef408b52e50d9c36a2ce9a4

  • SHA256

    9b65527a803e52a9d7f4adbe8ad6e7fa404c352a9ed80955a6e263539ff23e39

  • SHA512

    c13d381f2c5268fa61fd7d124b0baa0a85b440be428a83351b7e36be22540362ec6fdd29e209e26a14adc5f381b6b005ddeb0cb7a534df9e19ecdbcaf61821a4

  • SSDEEP

    49152:a0yAXvucS6SnbZVlxyZH0XAaCx5OX9ZO/xtEfOfzMFvfDTtKjkVE+ubDw8litYY:5vg6ClrBCjec+OfAK7DuYY

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

JUNE 2022

C2

http://ec2-52-66-245-53.ap-south-1.compute.amazonaws.com:443/agent.ashx

Attributes
  • mesh_id

    0xA9B8E2170A5547D0BCF991A95B3BCC8EAFFC541CD49DFE9F84D3E38581378EB043840732B3889D09EA0E9B7E2556B9AB

  • server_id

    75FD2036FEA22F3C988ED804CC808E502BD496E961D6368715A60B02C93882CECC137D0630744C7CE491809EDFAFAF77

  • wss

    wss://ec2-52-66-245-53.ap-south-1.compute.amazonaws.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoC
  • Meshagent family
  • Unsigned PE 1 IoC

    Checks for missing Authenticode signature.

Files

  • 2024-10-08_d53ac23694f1aee8034331524b024832_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    de9d50d41586565d7f7d04f9c85905a2
