Overview

overview

10

Static

static

10

2024-11-22...er.exe

windows7-x64

1

2024-11-22...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-22_2d3ecad5ecaecf445107b8b9a41eab3f_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241122-f489cs1lhr

  • MD5

    2d3ecad5ecaecf445107b8b9a41eab3f

  • SHA1

    a9ccecf5e324d216c689294b114cc02e720adad4

  • SHA256

    0a0ec9ad791480fbdd4de71d565d1ab810a6cfbca6b2a2cb3cedb2a4ffe6e1fb

  • SHA512

    b67468256df8bde49609966eaf2fc70094dbd339dbad175c146e3699132da30f6981063948337e7930fb64b708161b953225849d15b202766db9de9adaebed81

  • SSDEEP

    49152:hX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QZ:hlRsZ47/QXoHUOfAoj1x6Z

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.stevekole.com:443/agent.ashx

Attributes
  • mesh_id

    0x504A2C4C109AC6CA15298BD33EA6EAE4AB550E6BDECA1E4DE51AE51B653C69F8E77B696D8751ABE7DEE8646D0153E99D

  • server_id

    A558EE0A04EA5C6FAFD8DC19B6D9AFB2F5F6FB93007DD7D131B5A793AEEA42883392D10FD0EDBC40CEE821F4B4091FF8

  • wss

    wss://mesh.stevekole.com:443/agent.ashx

Targets

    • Target

      2024-11-22_2d3ecad5ecaecf445107b8b9a41eab3f_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      2d3ecad5ecaecf445107b8b9a41eab3f

    • SHA1

      a9ccecf5e324d216c689294b114cc02e720adad4

    • SHA256

      0a0ec9ad791480fbdd4de71d565d1ab810a6cfbca6b2a2cb3cedb2a4ffe6e1fb

    • SHA512

      b67468256df8bde49609966eaf2fc70094dbd339dbad175c146e3699132da30f6981063948337e7930fb64b708161b953225849d15b202766db9de9adaebed81

    • SSDEEP

      49152:hX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QZ:hlRsZ47/QXoHUOfAoj1x6Z

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks