Overview

overview

10

Static

static

10

2024-10-31...er.exe

windows7-x64

1

2024-10-31...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-31_f40bab29872308b6268238492dbfcf1f_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241031-qxk83azcnp

  • MD5

    f40bab29872308b6268238492dbfcf1f

  • SHA1

    2ccdb246b25ad34e073977e8e58cc8d820e809ba

  • SHA256

    0b573062ed33a7f033648650172f6a261a1c5bfdb14e59680f177420eb28e899

  • SHA512

    1a390099bb40eda6b0beb024db1fe496f713c67d63ed5e1e5b61babbd562fbb5f1d16485619f4db0a5ecfabcfb6547dc40837608e5fb7cce1c5ae737fa222786

  • SSDEEP

    49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qr:qlRsZ47/QXoHUOfAoj1x6r

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.retail-jam.com:443/agent.ashx

Attributes
  • mesh_id

    0xCF2380355FE3B22DC70FBB40D6F7C3560289611C848CF7FDC69A01883E755C2D510FBA8E9D65E324FC424F39E1B90381

  • server_id

    B706AD628F5659407D17B22930A4144100CCBA6E17DE8C20FFDD8D1A1DDBB838C689AC721DCA1A0953C8E0E2011D4ACE

  • wss

    wss://mesh.retail-jam.com:443/agent.ashx

Targets

    • Target

      2024-10-31_f40bab29872308b6268238492dbfcf1f_ryuk_sliver

    • Size

      3.3MB

    • MD5

      f40bab29872308b6268238492dbfcf1f

    • SHA1

      2ccdb246b25ad34e073977e8e58cc8d820e809ba

    • SHA256

      0b573062ed33a7f033648650172f6a261a1c5bfdb14e59680f177420eb28e899

    • SHA512

      1a390099bb40eda6b0beb024db1fe496f713c67d63ed5e1e5b61babbd562fbb5f1d16485619f4db0a5ecfabcfb6547dc40837608e5fb7cce1c5ae737fa222786

    • SSDEEP

      49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qr:qlRsZ47/QXoHUOfAoj1x6r

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks