meshagent | 137d45708273f8dc4e94d1b1e310d56f51a5378526939de55516acadc6bbc3fa | Triage

Sharing

General

Target

2024-11-22_78251f0badb3523e297ad139de5aa5a1_hijackloader_ismagent_ryuk
Size

3.3MB
Sample

241122-lhq4jstran
MD5

78251f0badb3523e297ad139de5aa5a1
SHA1

b4ed453b00c2bbc1913eb29d3857403bc7a2bfe1
SHA256

137d45708273f8dc4e94d1b1e310d56f51a5378526939de55516acadc6bbc3fa
SHA512

ca1d6ada9ebf02560aef061d19daf26bff317eaf303cbcbeb5ec97513642105cdabee03718d3ad56c6421b8c39b777eb72b23181e3750efc0107a932b296e904
SSDEEP

49152:1X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qj:1lRsZ47/QXoHUOfAoj1x6j

Score

10^/10

meshagent ezra search

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Ezra Search

C2

http://fksxs.com:443/agent.ashx

Attributes

mesh_id
0xC2EC970408FE6E22C65F962A8C9B2699AFED43449426DA3963396B62F831FAB8D30B580379ED0DA8213A148EA2A77206
server_id
E95B8EA705702A9EA90C12873DAE76CC40727C6532619C8DAFDC6770F0721B91809B854CE28C8BA10E9DCDC3157FE07B
wss
wss://fksxs.com:443/agent.ashx

Targets

- Target
  
  2024-11-22_78251f0badb3523e297ad139de5aa5a1_hijackloader_ismagent_ryuk
- Size
  
  3.3MB
- MD5
  
  78251f0badb3523e297ad139de5aa5a1
- SHA1
  
  b4ed453b00c2bbc1913eb29d3857403bc7a2bfe1
- SHA256
  
  137d45708273f8dc4e94d1b1e310d56f51a5378526939de55516acadc6bbc3fa
- SHA512
  
  ca1d6ada9ebf02560aef061d19daf26bff317eaf303cbcbeb5ec97513642105cdabee03718d3ad56c6421b8c39b777eb72b23181e3750efc0107a932b296e904
- SSDEEP
  
  49152:1X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qj:1lRsZ47/QXoHUOfAoj1x6j
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

ezra searchmeshagent

behavioral1

behavioral2