Overview

overview

10

Static

static

10

2024-11-16...er.exe

windows7-x64

1

2024-11-16...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-16_d09e8c5ca9d07ee34218889f1c943e4a_ismagent_ryuk_sliver

  • Size

    3.2MB

  • Sample

    241116-v34d2s1alr

  • MD5

    d09e8c5ca9d07ee34218889f1c943e4a

  • SHA1

    4328f5a08e2449a56764d78e45ee80f458866296

  • SHA256

    167ccd1d322f35dc98c3dc7533dc87c79a8ecb27bdaa27a95c76787ee7fe6e52

  • SHA512

    2495b8ff61a82ca9f94d072b94ead0e3cde90c8d47b0fcc268114a6c0984b23ebbd0b533179aac208c94f358d08364a3037dbe9c716f367e41b81749bf510031

  • SSDEEP

    49152:tX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe+:tlRsZ47/QXoHUOfAoj1R

Score
10/10
meshagentnew

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

NEW

C2

http://13.234.32.97:443/agent.ashx

Attributes
  • mesh_id

    0x7F9AF60BBCFEE2681047E9E92C1C1F30BB415F6434A1C33252480810FA3F07D26B5C2689605A1AF0B96D6854258802E6

  • server_id

    7E5EBAE73A5A25D80729B6E87F75EF4C93C5A1CB616630D115B353855C1C957A25631774CDE786A54D66BE17E611BFD0

  • wss

    wss://13.234.32.97:443/agent.ashx

Targets

    • Target

      2024-11-16_d09e8c5ca9d07ee34218889f1c943e4a_ismagent_ryuk_sliver

    • Size

      3.2MB

    • MD5

      d09e8c5ca9d07ee34218889f1c943e4a

    • SHA1

      4328f5a08e2449a56764d78e45ee80f458866296

    • SHA256

      167ccd1d322f35dc98c3dc7533dc87c79a8ecb27bdaa27a95c76787ee7fe6e52

    • SHA512

      2495b8ff61a82ca9f94d072b94ead0e3cde90c8d47b0fcc268114a6c0984b23ebbd0b533179aac208c94f358d08364a3037dbe9c716f367e41b81749bf510031

    • SSDEEP

      49152:tX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe+:tlRsZ47/QXoHUOfAoj1R

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks