General

  • Target

    1d47d11dc976beb251c9650e524ddbebcb05cd00fdd1b577b6d714c13fd5370cN

  • Size

    3.2MB

  • MD5

    38d91a4930a59eab50c252452b636380

  • SHA1

    f1933f56f18223c2fcb497c472c513414a04b4d1

  • SHA256

    1d47d11dc976beb251c9650e524ddbebcb05cd00fdd1b577b6d714c13fd5370c

  • SHA512

    d8e28025f42a102a0b1ca6dc7ae4b4b902f1e06043ef7f5a33743a4b8661b68d970a6559d296be66ba1fdc99b3224e3bc4689ee1d60477f9336f79e3546ce09a

  • SSDEEP

    49152:20yAXvucS6SnbZVlxyZH0XAaCx5OX9ZO/xtEfOfzMFvfDTtKjkVE+ubDw8litYOu:tvg6ClrBCjec+OfAK7DuYOQr

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Uceda School - Eastern

C2

http://remote.opennology.com:443/agent.ashx

Attributes

  • mesh_id

    0x90E2DE221F7B3845544A9C06ADF516B97090FF8BC58BA0AB1B645332B682F094AD68D97F32BDC1025EB5284F3F06A3B4

  • server_id

    CEA0C3AF6448380189838E51FE29C7BDFDCC5A7E86351147799A84708BCD06B563FA9701A30D129D9BAAE972A73B5591

  • wss

    wss://remote.opennology.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 1d47d11dc976beb251c9650e524ddbebcb05cd00fdd1b577b6d714c13fd5370cN.exe
    windows:6 windows x64 arch:x64

    de9d50d41586565d7f7d04f9c85905a2
