General

  • Target

    2024-10-12_31c7fa68b69d8d229a6e9daa2949d895_ryuk_sliver

  • Size

    2.9MB

  • MD5

    31c7fa68b69d8d229a6e9daa2949d895

  • SHA1

    2f5593e25a34cbb303901bce8942a8505ba2a38f

  • SHA256

    5036a62e5049d149c98856687b229e522f01c0db515a05e650b9ab40ca840e6f

  • SHA512

    7fc7bff771c3bcc75ad95eafc762f344c06b5373f70eb7c43c81125b40cb2f3f952036c89a6bccb4aa53481f3f23f401eb9d7a56d9d0b1eaa48c3597fe2f7c37

  • SSDEEP

    49152:JyEEFoRjQ86ctQAWrk9k+PhBFB3FFIBoYCIYSMFvf0VQc9pdQPp:Jnj36pUk0TkfYiQ/p

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Home

C2

http://control.tautolo.gy:443/agent.ashx

Attributes
  • mesh_id

    0x18936942A3E5AE65DF8836B6EEFA3FD5DD375127CA3DA1852C2EC2DBA43786A498AA27456851B49C48A8683629B450EB

  • server_id

    08C4CDB1491A60BC30D0136004508FDDA3818CAB78A02628E44948AE98F2E0A2B4D87C34CBD4C18D959886F9B49EB33A

  • wss

    wss://control.tautolo.gy:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-10-12_31c7fa68b69d8d229a6e9daa2949d895_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    d01cc3ccd4e258e08c52468271c93805
