General

  • Target

    2024-11-19_1ecd49307abf590b3d7284ae1cea768e_ismagent_ryuk_sliver

  • Size

    3.3MB

  • MD5

    1ecd49307abf590b3d7284ae1cea768e

  • SHA1

    2a925408935735f5c66d2cd4d3ef1794288dcf7c

  • SHA256

    017f485077a0fc7d1bd47c936dc4b501a2676bf9e5914e451a88b5305cd33ef7

  • SHA512

    f4492180a63a00a5232c0d2add3753a332fa4eea50d859aaf3548067b556876b7f2b518911d97bbb4b2a816b1c66d482d40dcf05955dc00b44467bb837adcd90

  • SSDEEP

    49152:HX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe15g/:HlRsZ47/QXoHUOfAoj1gO

Score

10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TEST

C2

http://samcerts.com:443/agent.ashx

Attributes

  • mesh_id

    0xF6C00B2E901DEB05DE5B716C5B45369C83F7E1417A2F743B807FE351D432184AA4A6CDD67542AEE46A5DE2346D83F3AC

  • server_id

    AB607DA22C84B90777D9A9334D7B3D96C2CB1E57103C72481576A4F3BC3EE4C75F6DD6C91DF74A93EC9390708F351594

  • wss

    wss://samcerts.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-11-19_1ecd49307abf590b3d7284ae1cea768e_ismagent_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
