meshagent | 4d21ee1f6110d6528d5150a8e01585dc427c1f05da8bfb9ada909a82d597ed7d | Triage

Sharing

General

Target

2024-11-21_a54f141d36cf5555ea00a5a5a4a79807_ismagent_ryuk_sliver
Size

3.3MB
Sample

241121-pt3s9s1hjf
MD5

a54f141d36cf5555ea00a5a5a4a79807
SHA1

8fefd2b9decd3e0ce116c8058da586857567aafd
SHA256

4d21ee1f6110d6528d5150a8e01585dc427c1f05da8bfb9ada909a82d597ed7d
SHA512

3ca9a7fd4e645396b22d92affd47bfa2e95042fc215c64c6278304430ce14fddc19b7739a83b252eaf72c668c9fb78636bce0fa09a2179da16bcdc4b98aaac53
SSDEEP

49152:YX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD:YlRsZ47/QXoHUOfAoj1x6D

Score

10^/10

meshagent tacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.trmm.sysinfo.pl:443/agent.ashx

Attributes

mesh_id
0x2B68C2CF806AB92FE55331FD00C3AF98E1A5D6DBBACD82F5E29F0A926F6CB60FBD175CCC9B13F60384BAD0FE27CA80DB
server_id
E7D80A059A063CB5DCA2975FED3B4161B18F1FDA9C7E6C960E3A8C242AC224DECFDDF4053B45913144E8466901200A6A
wss
wss://mesh.trmm.sysinfo.pl:443/agent.ashx

Targets

- Target
  
  2024-11-21_a54f141d36cf5555ea00a5a5a4a79807_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  a54f141d36cf5555ea00a5a5a4a79807
- SHA1
  
  8fefd2b9decd3e0ce116c8058da586857567aafd
- SHA256
  
  4d21ee1f6110d6528d5150a8e01585dc427c1f05da8bfb9ada909a82d597ed7d
- SHA512
  
  3ca9a7fd4e645396b22d92affd47bfa2e95042fc215c64c6278304430ce14fddc19b7739a83b252eaf72c668c9fb78636bce0fa09a2179da16bcdc4b98aaac53
- SSDEEP
  
  49152:YX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD:YlRsZ47/QXoHUOfAoj1x6D
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

tacticalrmmmeshagent

behavioral1

behavioral2