Overview

overview

10

Static

static

10

2024-11-22...er.exe

windows7-x64

1

2024-11-22...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-22_3931c76c8a973e678bb6ca443824d5ca_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241122-w1gb6swjev

  • MD5

    3931c76c8a973e678bb6ca443824d5ca

  • SHA1

    739af76299d2177710c98e0567e04bfaec3e7364

  • SHA256

    2e9c83ebcc6263491cd99dd61839fd42817b633a956741e65eed5b4fcc0e20a9

  • SHA512

    9201e24808cbb349355639b73f530d2c73e731ddbc22de7de5c97c2dcb5c41cdf5dadae8f5af7ef0cea1ce45dd0b68cd2f58a2a58b867b8600153b0058021daf

  • SSDEEP

    49152:dX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD1:dlRsZ47/QXoHUOfAoj1x6B

Score
10/10
meshagentstarting.center

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

STARTING.CENTER

C2

http://mesh.starting.center:443/agent.ashx

Attributes
  • mesh_id

    0x2974D7A0E074CF2441CAA3168DE2AE11913BC77D7E7EA7F8ABB323E4D12AAFC6D57E5FFB9A27C9EB1568468A9D4669E2

  • server_id

    A3516B6ADE46F263AAE8A2ACBB0300CDB890B0CED523401FCE7962DF0CD11462AA4C693E65A34F19B0D823311E13D6A3

  • wss

    wss://mesh.starting.center:443/agent.ashx

Targets

    • Target

      2024-11-22_3931c76c8a973e678bb6ca443824d5ca_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      3931c76c8a973e678bb6ca443824d5ca

    • SHA1

      739af76299d2177710c98e0567e04bfaec3e7364

    • SHA256

      2e9c83ebcc6263491cd99dd61839fd42817b633a956741e65eed5b4fcc0e20a9

    • SHA512

      9201e24808cbb349355639b73f530d2c73e731ddbc22de7de5c97c2dcb5c41cdf5dadae8f5af7ef0cea1ce45dd0b68cd2f58a2a58b867b8600153b0058021daf

    • SSDEEP

      49152:dX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD1:dlRsZ47/QXoHUOfAoj1x6B

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks