Overview

overview

10

Static

static

10

2024-10-25...er.exe

windows7-x64

1

2024-10-25...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-25_1a8ded3beae6949f9fbf299c04ab8dfa_ryuk_sliver

  • Size

    3.4MB

  • Sample

    241025-lmcfysxfmg

  • MD5

    1a8ded3beae6949f9fbf299c04ab8dfa

  • SHA1

    acd74bcde04fec0827032d1d0ba81eb516877be7

  • SHA256

    cafc3e9a9fb0fce4418b92a9d0c53b1776d0b4f317690a283b22485c01dbd77f

  • SHA512

    7033ff9b438f5d1600d6982251bf07fcaf7f5f3e16f32f9c313b6d95b3961dc7306aa6df183cb1bb5455213ec2b416f90309057b9758abb2f34e5fa4874a8cb4

  • SSDEEP

    49152:jX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe55bfx2:jlRsZ47/QXoHUOfAoj1gxfs

Score
10/10
meshagentxtra

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

xTra

C2

http://m.w3k.io:443/agent.ashx

Attributes
  • mesh_id

    0x0E36898C9584EBDC3BDE11E46784F69A4505CE3C494BEBE1A6E63A562C6D30B01CE552C116AF0311CD16733F71604C05

  • server_id

    B2EC70546B43CF1D1137B8FCF6B9C267BA53725DDDD8A1254A749BB9306C7FA1C2E923D314FAA4A25550CAA2B23F9084

  • wss

    wss://m.w3k.io:443/agent.ashx

Targets

    • Target

      2024-10-25_1a8ded3beae6949f9fbf299c04ab8dfa_ryuk_sliver

    • Size

      3.4MB

    • MD5

      1a8ded3beae6949f9fbf299c04ab8dfa

    • SHA1

      acd74bcde04fec0827032d1d0ba81eb516877be7

    • SHA256

      cafc3e9a9fb0fce4418b92a9d0c53b1776d0b4f317690a283b22485c01dbd77f

    • SHA512

      7033ff9b438f5d1600d6982251bf07fcaf7f5f3e16f32f9c313b6d95b3961dc7306aa6df183cb1bb5455213ec2b416f90309057b9758abb2f34e5fa4874a8cb4

    • SSDEEP

      49152:jX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe55bfx2:jlRsZ47/QXoHUOfAoj1gxfs

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks