Overview

overview

10

Static

static

10

2024-10-31...er.exe

windows7-x64

1

2024-10-31...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-31_d6a6d97320607d7bc21a6144fd14c118_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241031-qtks5ayhqb

  • MD5

    d6a6d97320607d7bc21a6144fd14c118

  • SHA1

    769fcdf48ef6594882986d64ca5b8dee24ca9da5

  • SHA256

    ee14e7a4af5bb439bf509ba12e4a909eb24d98beb2c1c95a565e1a006c6f7ebe

  • SHA512

    3f90a70dd3482a68001e14563f764de83208e979aafa7884016447fc0d169643e8594cbd1699a2a944661892a93fb1b413392316bfede0d5e51a9439e03ae169

  • SSDEEP

    49152:1X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QA:1lRsZ47/QXoHUOfAoj1x6A

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.alivetravel.com:443/agent.ashx

Attributes
  • mesh_id

    0x10E50773C210B5052B63612505932352E9C12A3469E77ED50EDE7C7B47C81BC5D48129AC0033EE20E220AC7C92C95C70

  • server_id

    938B0E50189EC7A4098E9A86A8FDBD2FC608BBB5CA93C77D6D8046A557991CD80FD5751F3757F0A98A541DE644734066

  • wss

    wss://mesh.alivetravel.com:443/agent.ashx

Targets

    • Target

      2024-10-31_d6a6d97320607d7bc21a6144fd14c118_ryuk_sliver

    • Size

      3.3MB

    • MD5

      d6a6d97320607d7bc21a6144fd14c118

    • SHA1

      769fcdf48ef6594882986d64ca5b8dee24ca9da5

    • SHA256

      ee14e7a4af5bb439bf509ba12e4a909eb24d98beb2c1c95a565e1a006c6f7ebe

    • SHA512

      3f90a70dd3482a68001e14563f764de83208e979aafa7884016447fc0d169643e8594cbd1699a2a944661892a93fb1b413392316bfede0d5e51a9439e03ae169

    • SSDEEP

      49152:1X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QA:1lRsZ47/QXoHUOfAoj1x6A

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks