General

  • Target

    2024-11-27_e189c2f9540fda99cf6732b2e780062c_ismagent_ryuk_sliver

  • Size

    3.3MB

  • MD5

    e189c2f9540fda99cf6732b2e780062c

  • SHA1

    db0812cf150583eeeb39bd62daf371415f0820d0

  • SHA256

    9f92a85effbbda129c02c260b79a5f44b7f308b9fd21aa81022a143913d3d17f

  • SHA512

    241f4d2d984e806194f4d47539916f241893a09ad1d7722020f7e6c45ff8f41007cc3138c596ab60eedc3ca389c24ff78097cb8a3ff0a0e7d5a51adbfb985e80

  • SSDEEP

    49152:qX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QT:qlRsZ47/QXoHUOfAoj1x6T

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

All Device

C2

http://94.156.250.162:444/agent.ashx

Attributes
  • mesh_id

    0x019F15FDCAF963878BE06D835AAC91C5277E487767B9CE957A40BB29D646513AAF0074AD63E469C9E926A8103EFE49C0

  • server_id

    949AAFC5FD7371C1772AF0F66C099D24D1EE2EAA3BF4C5FFB91983B3E44B9D504815B6A14CEC509DCBB1A852AD919C96

  • wss

    wss://94.156.250.162:444/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-11-27_e189c2f9540fda99cf6732b2e780062c_ismagent_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
