Overview

overview

10

Static

static

10

2024-11-22...er.exe

windows7-x64

1

2024-11-22...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-22_4095007ad8809f18aaaa17eb6314c3eb_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241122-y6x8zstrdl

  • MD5

    4095007ad8809f18aaaa17eb6314c3eb

  • SHA1

    8fa1b77bb04402ac4b93a721357c84e47d8fd7a2

  • SHA256

    986c6412324c6647cff1587bee445b78b74773777c3b0a0a4b173b925b59d07c

  • SHA512

    b74ab55dce377ed733e72b25ad7ae5e9066d05d27393415dc88d21ad8117e4392b32a2961ab3cda4ccf6ec8d6334fd6c3f4a2c3226e94e20d46f95aa613c145c

  • SSDEEP

    49152:nX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD:nlRsZ47/QXoHUOfAoj1x6D

Score
10/10
meshagentsepa lj13

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

SEPA LJ13

C2

http://129.148.40.229:443/agent.ashx

Attributes
  • mesh_id

    0x00E40CB9C3448C7B88B6DC1E93ACC83162CE9930EEA84B07B5B4A49EDE9AFB9275A5FC351F89152A9A94559699F6FD88

  • server_id

    78964604FEDA057FA0D0B22AA4BF75D21596F410E81348F082E8E46171F949F58A02252F841FA815A7FABBAF748A3610

  • wss

    wss://129.148.40.229:443/agent.ashx

Targets

    • Target

      2024-11-22_4095007ad8809f18aaaa17eb6314c3eb_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      4095007ad8809f18aaaa17eb6314c3eb

    • SHA1

      8fa1b77bb04402ac4b93a721357c84e47d8fd7a2

    • SHA256

      986c6412324c6647cff1587bee445b78b74773777c3b0a0a4b173b925b59d07c

    • SHA512

      b74ab55dce377ed733e72b25ad7ae5e9066d05d27393415dc88d21ad8117e4392b32a2961ab3cda4ccf6ec8d6334fd6c3f4a2c3226e94e20d46f95aa613c145c

    • SSDEEP

      49152:nX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD:nlRsZ47/QXoHUOfAoj1x6D

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks