General

  • Target

    2024-10-16_68e8247ae8c05552b0d5ee0208a49f2f_ryuk_sliver

  • Size

    3.3MB

  • MD5

    68e8247ae8c05552b0d5ee0208a49f2f

  • SHA1

    5e0e66e0d6777f71859c3656e3bb82b443f52b4e

  • SHA256

    daa9dbcd16825428bdb4857f97f882a0102c58c79869273b7d37dda927e51062

  • SHA512

    24fc60451363dfc66f892634088705c847bb99c6bfc303b92da0b3b62220f8bea4f50d4f1dab7ebd526e9d7e3f83bae76dbaca04fa3e3237b5c8791c019770ea

  • SSDEEP

    49152:rX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QH:rlRsZ47/QXoHUOfAoj1x6H

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    William Birdwell

  • C2

    http://remote.tech-realms.com:443/agent.ashx

Attributes
  • mesh_id

    0xC8AFF3564C00C2737664BB4A9C80CCC09BD7AB4400AE45646E3301BFF84D283A0B03B43AB78C846EEA870F795FDA752B

  • server_id

    4AEEA465E88842CA26A8DC1450532F8ED148A195E130DFE9119E81383FDA470EA29A2C897F2B9937BCC35EC3481012B0

  • wss

    wss://remote.tech-realms.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-10-16_68e8247ae8c05552b0d5ee0208a49f2f_ryuk_sliver.exe

    windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476