Overview

overview

10

Static

static

10

2024-11-06...er.exe

windows7-x64

1

2024-11-06...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-06_36152c5990b2300016b4ae59c1b72d8b_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241106-xhmxnsxrcn

  • MD5

    36152c5990b2300016b4ae59c1b72d8b

  • SHA1

    aa18bc9ebdc952de2eaa654bf1009ffd6190515f

  • SHA256

    bc59c502bd6adbb3aa2f63c8963a3445456ff965976044ca00434c37deae37b1

  • SHA512

    9772338ea3acc73e9c1fdba2fe4ca005b5adfdc5ccf32859178108075bcde765ac608e1422f9d066a2bccf2a2d4a0bcc88a9831af80552219b76506d6e893b28

  • SSDEEP

    49152:LX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qj:LlRsZ47/QXoHUOfAoj1x6j

Score
10/10
meshagent5-11

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

5-11

C2

http://benitolocker.pro:443/agent.ashx

Attributes
  • mesh_id

    0x79CFD54088282336DDB3F2D638F09083B1054DE03CAA89A7685427A49558CC37D970A1C2F9EF5B2F5B1FADBBF2658D67

  • server_id

    1D4D11E707A7D5FA47BFB4705F74843B96142CDB21117F5A3F5234811772E225E16EBCE327C6F43112BF2E84F9D71D7D

  • wss

    wss://benitolocker.pro:443/agent.ashx

Targets

    • Target

      2024-11-06_36152c5990b2300016b4ae59c1b72d8b_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      36152c5990b2300016b4ae59c1b72d8b

    • SHA1

      aa18bc9ebdc952de2eaa654bf1009ffd6190515f

    • SHA256

      bc59c502bd6adbb3aa2f63c8963a3445456ff965976044ca00434c37deae37b1

    • SHA512

      9772338ea3acc73e9c1fdba2fe4ca005b5adfdc5ccf32859178108075bcde765ac608e1422f9d066a2bccf2a2d4a0bcc88a9831af80552219b76506d6e893b28

    • SSDEEP

      49152:LX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qj:LlRsZ47/QXoHUOfAoj1x6j

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks