Overview

overview

10

Static

static

10

2024-11-16...er.exe

windows7-x64

1

2024-11-16...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-16_72d6c6b7d65aa6a65a1522ac68062384_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241116-c678asslhm

  • MD5

    72d6c6b7d65aa6a65a1522ac68062384

  • SHA1

    766fb2560058bc47524293284d9c1de5c3ad8d81

  • SHA256

    a15ef3272189374a2cd69ade958f0cfb94db61d740b37e5dbab18c709b6f7427

  • SHA512

    87bf62e164106992a8985298be7da75ce80a993e061400dac22a0ae7934c303bc9cf2328ff8c26275dd8af1087bcf9f06017974d959f754932a3178410c01cb0

  • SSDEEP

    49152:lX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QI:llRsZ47/QXoHUOfAoj1x6I

Score
10/10
meshagentaoa

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

AOA

C2

http://remote.ausict.com:443/agent.ashx

Attributes
  • mesh_id

    0xC10C4EE165502825483C1E79A3BB217F9FD0148898E1A8900E87DA39B3467B27EE6E01140E4F7AD4D25AC1F7C406DF4F

  • server_id

    5B611549324430E6DCACAC23207BDDB4B5C5767F5C74126A43AE34C79E08C1451497F14C89AD9F9FDC94D11DBF3BFE34

  • wss

    wss://remote.ausict.com:443/agent.ashx

Targets

    • Target

      2024-11-16_72d6c6b7d65aa6a65a1522ac68062384_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      72d6c6b7d65aa6a65a1522ac68062384

    • SHA1

      766fb2560058bc47524293284d9c1de5c3ad8d81

    • SHA256

      a15ef3272189374a2cd69ade958f0cfb94db61d740b37e5dbab18c709b6f7427

    • SHA512

      87bf62e164106992a8985298be7da75ce80a993e061400dac22a0ae7934c303bc9cf2328ff8c26275dd8af1087bcf9f06017974d959f754932a3178410c01cb0

    • SSDEEP

      49152:lX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QI:llRsZ47/QXoHUOfAoj1x6I

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks