General

  • Target

    e0fab0d9f4bf8911f7d424db3beea4c0ac8ed00e7462e82196b867d30805d760N

  • Size

    3.3MB

  • MD5

    66a6692bedfa5bee3ed95ca6d33bf6a0

  • SHA1

    f81d22f1d1c068a660c904ce2302f58c625ca4f2

  • SHA256

    e0fab0d9f4bf8911f7d424db3beea4c0ac8ed00e7462e82196b867d30805d760

  • SHA512

    0de697b8346c8ef7a4ce3f73e7ec9308fc47a81f23d93ca2cb2b5b3d90ad9cb8edb321b81c74ebef41c5016edbd080ad5d90c743e1991199f8965ccabcc2a2e6

  • SSDEEP

    49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q9:PlRsZ47/QXoHUOfAoj1x69

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.opennology.com:443/agent.ashx

Attributes
  • mesh_id

    0x156534FE9325394B9FA74275A3F15D9036AF9B14CC6C64D079C39FE28A9AC0058D8023C24B89B755F3BEF462C4C8137D

  • server_id

    E3DD584A444F5D46BD73BC240A86DB2E8441224EF95FD1A7CCE7925CBB52BDE54BFCD2F8708D1B10984832EFA9E2CBEA

  • wss

    wss://mesh.opennology.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • e0fab0d9f4bf8911f7d424db3beea4c0ac8ed00e7462e82196b867d30805d760N
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476