Overview

overview

10

Static

static

10

2024-11-27...er.exe

windows7-x64

1

2024-11-27...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-27_e189c2f9540fda99cf6732b2e780062c_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241127-lqc7nayjhs

  • MD5

    e189c2f9540fda99cf6732b2e780062c

  • SHA1

    db0812cf150583eeeb39bd62daf371415f0820d0

  • SHA256

    9f92a85effbbda129c02c260b79a5f44b7f308b9fd21aa81022a143913d3d17f

  • SHA512

    241f4d2d984e806194f4d47539916f241893a09ad1d7722020f7e6c45ff8f41007cc3138c596ab60eedc3ca389c24ff78097cb8a3ff0a0e7d5a51adbfb985e80

  • SSDEEP

    49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QT:qlRsZ47/QXoHUOfAoj1x6T

Score
10/10
meshagentall device

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

All Device

C2

http://94.156.250.162:444/agent.ashx

Attributes
  • mesh_id

    0x019F15FDCAF963878BE06D835AAC91C5277E487767B9CE957A40BB29D646513AAF0074AD63E469C9E926A8103EFE49C0

  • server_id

    949AAFC5FD7371C1772AF0F66C099D24D1EE2EAA3BF4C5FFB91983B3E44B9D504815B6A14CEC509DCBB1A852AD919C96

  • wss

    wss://94.156.250.162:444/agent.ashx

Targets

    • Target

      2024-11-27_e189c2f9540fda99cf6732b2e780062c_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      e189c2f9540fda99cf6732b2e780062c

    • SHA1

      db0812cf150583eeeb39bd62daf371415f0820d0

    • SHA256

      9f92a85effbbda129c02c260b79a5f44b7f308b9fd21aa81022a143913d3d17f

    • SHA512

      241f4d2d984e806194f4d47539916f241893a09ad1d7722020f7e6c45ff8f41007cc3138c596ab60eedc3ca389c24ff78097cb8a3ff0a0e7d5a51adbfb985e80

    • SSDEEP

      49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QT:qlRsZ47/QXoHUOfAoj1x6T

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks