General

  • Target

    2024-10-31_f40bab29872308b6268238492dbfcf1f_ryuk_sliver

  • Size

    3.3MB

  • MD5

    f40bab29872308b6268238492dbfcf1f

  • SHA1

    2ccdb246b25ad34e073977e8e58cc8d820e809ba

  • SHA256

    0b573062ed33a7f033648650172f6a261a1c5bfdb14e59680f177420eb28e899

  • SHA512

    1a390099bb40eda6b0beb024db1fe496f713c67d63ed5e1e5b61babbd562fbb5f1d16485619f4db0a5ecfabcfb6547dc40837608e5fb7cce1c5ae737fa222786

  • SSDEEP

    49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qr:qlRsZ47/QXoHUOfAoj1x6r

Score

10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    TacticalRMM

  • C2

    http://mesh.retail-jam.com:443/agent.ashx

Attributes
  • mesh_id

    0xCF2380355FE3B22DC70FBB40D6F7C3560289611C848CF7FDC69A01883E755C2D510FBA8E9D65E324FC424F39E1B90381

  • server_id

    B706AD628F5659407D17B22930A4144100CCBA6E17DE8C20FFDD8D1A1DDBB838C689AC721DCA1A0953C8E0E2011D4ACE

  • wss

    wss://mesh.retail-jam.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-10-31_f40bab29872308b6268238492dbfcf1f_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
