General

  • Target

    2024-10-16_68e8247ae8c05552b0d5ee0208a49f2f_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241016-xg5q4azdmj

  • MD5

    68e8247ae8c05552b0d5ee0208a49f2f

  • SHA1

    5e0e66e0d6777f71859c3656e3bb82b443f52b4e

  • SHA256

    daa9dbcd16825428bdb4857f97f882a0102c58c79869273b7d37dda927e51062

  • SHA512

    24fc60451363dfc66f892634088705c847bb99c6bfc303b92da0b3b62220f8bea4f50d4f1dab7ebd526e9d7e3f83bae76dbaca04fa3e3237b5c8791c019770ea

  • SSDEEP

    49152:rX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QH:rlRsZ47/QXoHUOfAoj1x6H

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    William Birdwell

  • C2

    http://remote.tech-realms.com:443/agent.ashx

Attributes
  • mesh_id

    0xC8AFF3564C00C2737664BB4A9C80CCC09BD7AB4400AE45646E3301BFF84D283A0B03B43AB78C846EEA870F795FDA752B

  • server_id

    4AEEA465E88842CA26A8DC1450532F8ED148A195E130DFE9119E81383FDA470EA29A2C897F2B9937BCC35EC3481012B0

  • wss

    wss://remote.tech-realms.com:443/agent.ashx

Targets

    • Target

      2024-10-16_68e8247ae8c05552b0d5ee0208a49f2f_ryuk_sliver

    Score
    1/10
