Overview

overview

10

Static

static

10

2024-11-10...uk.exe

windows7-x64

1

2024-11-10...uk.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-10_6266be425ed5e3c7482302c3d1a57336_hijackloader_ismagent_ryuk

  • Size

    3.3MB

  • Sample

    241110-pnx1tszlgq

  • MD5

    6266be425ed5e3c7482302c3d1a57336

  • SHA1

    38b7efbefe0ae666298a52ba85ffa3875c9db09f

  • SHA256

    cc94e4ca1491bf9e2cdced14977b80164cf0b3c031d2e4b356dd13181a984af8

  • SHA512

    53f3dceee779873084b5e817e2e91f3f3f57705b31b8ff91cc148c2a153e1cebe22c83e01c8e99f760832e819bdf88522bfadf0ccf7fb3d483d82fc554db6c65

  • SSDEEP

    49152:BX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qss:BlRsZ47/QXoHUOfAoj1x6f

Score
10/10
meshagentgranja

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Granja

C2

http://qwert.gcservice.ru:443/agent.ashx

Attributes
  • mesh_id

    0x8828E33B570F69D253F7A591FC4FB716560861B1801FB6C718DFC270F2574B0ED76FB14A43690EFA0DA8AF7C8810D137

  • server_id

    5360F7F4B1D1E6B43DCD0F1CFC7575FCEAE84917BA72DB60AF97B621F4C26B7FA899BDAA61A68EF90DF91CE0D8A36E7A

  • wss

    wss://qwert.gcservice.ru:443/agent.ashx

Targets

    • Target

      2024-11-10_6266be425ed5e3c7482302c3d1a57336_hijackloader_ismagent_ryuk

    • Size

      3.3MB

    • MD5

      6266be425ed5e3c7482302c3d1a57336

    • SHA1

      38b7efbefe0ae666298a52ba85ffa3875c9db09f

    • SHA256

      cc94e4ca1491bf9e2cdced14977b80164cf0b3c031d2e4b356dd13181a984af8

    • SHA512

      53f3dceee779873084b5e817e2e91f3f3f57705b31b8ff91cc148c2a153e1cebe22c83e01c8e99f760832e819bdf88522bfadf0ccf7fb3d483d82fc554db6c65

    • SSDEEP

      49152:BX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qss:BlRsZ47/QXoHUOfAoj1x6f

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks