Overview

overview

10

Static

static

10

2024-11-13...er.exe

windows7-x64

1

2024-11-13...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-13_012d18793cf9a5a555ca875c06d16bb2_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241113-lbbehszapr

  • MD5

    012d18793cf9a5a555ca875c06d16bb2

  • SHA1

    3f151a75c261f8f18ba714cad739b677abfe5c40

  • SHA256

    15e75f78d8c66919d5eae3ac7c670aa2c6472c3720d69f6607f14ef213dfc66f

  • SHA512

    cb860443f8f1283cbb59ea9c6c7cec7186ec5db9c9f110ff13baf3aafe4cea8e223503377267b7d94281ab4799ce1111328473df625d699f6ef6a15628a5ecb9

  • SSDEEP

    49152:8X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QF:8lRsZ47/QXoHUOfAoj1x6F

Score
10/10
meshagentcustomers

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Customers

C2

http://rd.primeserversinc.com:443/agent.ashx

Attributes
  • mesh_id

    0x607F659189120ABF11672D67070163BD3C154B46E5678ADB176782C92ABBA8D3AB271EB97FBB24A4E2CF6A7529BC508A

  • server_id

    0A62416A7B89AC63C58F134B193BD23A279414BF64A833509E95785B6DC4E8E78B0056793A1317A4C6C4A2665EC668BC

  • wss

    wss://rd.primeserversinc.com:443/agent.ashx

Targets

    • Target

      2024-11-13_012d18793cf9a5a555ca875c06d16bb2_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      012d18793cf9a5a555ca875c06d16bb2

    • SHA1

      3f151a75c261f8f18ba714cad739b677abfe5c40

    • SHA256

      15e75f78d8c66919d5eae3ac7c670aa2c6472c3720d69f6607f14ef213dfc66f

    • SHA512

      cb860443f8f1283cbb59ea9c6c7cec7186ec5db9c9f110ff13baf3aafe4cea8e223503377267b7d94281ab4799ce1111328473df625d699f6ef6a15628a5ecb9

    • SSDEEP

      49152:8X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QF:8lRsZ47/QXoHUOfAoj1x6F

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks