General

  • Target

    2024-11-01_708c64063e1563cb9d02590f64378a88_ryuk_sliver

  • Size

    3.3MB

  • MD5

    708c64063e1563cb9d02590f64378a88

  • SHA1

    c6d9fb8573d25a159db5e7034cb6aac73a389fa1

  • SHA256

    f008fc2e067b86c81d0deaddecb9e055984621d95df8f3c141e42f229292dcf1

  • SHA512

    1059e9273c179ab11c09c41f313652506293927ebd2f07b9b31651bfa419393c09f22eebab024d68e3696cfd5d707a7f7cb64ecb14523423d89ea425275df9c2

  • SSDEEP

    49152:6X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QO:6lRsZ47/QXoHUOfAoj1x6O

Score
10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    TacticalRMM

  • C2

    http://mesh.aodinfo.com:443/agent.ashx

Attributes
  • mesh_id

    0x46C33C9D1C6F4BF2F210904C74DFF07D4057BC5F089171CFFA1F4C87F1F1FEDA62E85937EBC7EC20514967F4EE0245E4

  • server_id

    A5B4B97EBAE17BFA08524157F3E390410F6ED55BE379BF1E504FDFD5A194C95569F6BC5F05F6890828922968252E130D

  • wss

    wss://mesh.aodinfo.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-11-01_708c64063e1563cb9d02590f64378a88_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
