General

  • Target

    2024-11-30_b34f6111ac20300eec3fc2d6abece43f_ismagent_ryuk_sliver

  • Size

    3.3MB

  • MD5

    b34f6111ac20300eec3fc2d6abece43f

  • SHA1

    4c96c8dc8d90b41b70453f3b3935aa663603a980

  • SHA256

    1bf6e18373a263cb48d2f11d8edfb341ea59c603ff4a6b9406cc90f159f6acfa

  • SHA512

    62dbb60987a69aeb2b2fdd3ca700d8fee3cf81d38cf0e74ddf5456d777a65b916690d6e74a7d5b9dbbfd4266fe5ffc3fbb317162f1ad729994266db82b08720b

  • SSDEEP

    49152:9X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q3:9lRsZ47/QXoHUOfAoj1x63

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Planeta Editorial Users

C2

http://soporte.itbsac.com:443/agent.ashx

Attributes
  • mesh_id

    0x1231638166CBD27567B0AC650F41A43784A6A8DD29279041CA080839A49BEDAD5608EF1C772283F37BAC6B4AB4130F0E

  • server_id

    9340433EC74998D3BAFA353D5A8E3BB99BB44ACAD3986CB2E56D3EE5B8DDD4FAE693D896811F647B1D3A67F25F322A0E

  • wss

    wss://soporte.itbsac.com:443/agent.ashx
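
The mesh_id, server_id and wss values above are the kind of fields carried in the agent's embedded `.msh` settings text (`MeshName=`, `MeshType=`, `MeshID=`, `ServerID=`, `MeshServer=` key=value lines). As an added example, not code from this report or from the MeshAgent/MeshCentral project, the Python below locates such a settings block anywhere in a binary blob, parses it, maps it onto the fields the report lists, and sanity-checks the identifiers. The sample bytes are constructed here from the values on this page; the bytes around them are padding, not real PE content, and the report-field mapping (botnet = MeshName, version = MeshType) is this example's own assumption about how the extractor above labels things.

```python
"""Pull an embedded MeshAgent .msh settings block out of a binary and turn it into IoCs."""
import re
from urllib.parse import urlsplit

# Constructed sample input: a stand-in for an agent executable carrying the
# key=value settings text. The values are the ones reported on this page; the
# surrounding bytes are padding only (assumption: real agents are full PE files).
SAMPLE_BINARY = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\xcc" * 128
    + b"MeshName=Planeta Editorial Users\r\n"
    + b"MeshType=2\r\n"
    + b"MeshID=0x1231638166CBD27567B0AC650F41A43784A6A8DD29279041CA080839A49BEDAD5608EF1C772283F37BAC6B4AB4130F0E\r\n"
    + b"ServerID=9340433EC74998D3BAFA353D5A8E3BB99BB44ACAD3986CB2E56D3EE5B8DDD4FAE693D896811F647B1D3A67F25F322A0E\r\n"
    + b"MeshServer=wss://soporte.itbsac.com:443/agent.ashx\r\n"
    + b"\x00" * 32
)

# One settings line: a Mesh* key or ServerID, '=', then a value up to end of line.
# The lookbehind stops us matching inside a longer identifier.
_LINE_RE = re.compile(rb"(?<![A-Za-z0-9_])(Mesh[A-Za-z]+|ServerID)=([^\r\n\x00]+)")


def extract_msh_settings(blob: bytes) -> dict:
    """Return every key=value settings line found in the blob (last occurrence wins)."""
    settings = {}
    for key, value in _LINE_RE.findall(blob):
        settings[key.decode("ascii")] = value.decode("utf-8", errors="replace").strip()
    return settings


def settings_to_iocs(settings: dict) -> dict:
    """Map raw settings onto the report fields (field naming is this example's assumption)."""
    server = settings.get("MeshServer", "")
    parts = urlsplit(server)
    mesh_id = settings.get("MeshID", "")
    server_id = settings.get("ServerID", "")
    return {
        "family": "meshagent",
        "botnet": settings.get("MeshName"),
        "version": settings.get("MeshType"),
        "mesh_id": mesh_id,
        "server_id": server_id,
        "wss": server,
        "c2_host": parts.hostname,
        "c2_port": parts.port,
        "c2_path": parts.path,
        # Both identifiers are hex strings; MeshID carries a 0x prefix, ServerID does not.
        "mesh_id_bytes": len(mesh_id[2:] if mesh_id.startswith("0x") else mesh_id) // 2,
        "server_id_bytes": len(server_id) // 2,
    }


def sanity_check(iocs: dict) -> list:
    """Return a list of problems; empty means the extracted config looks well-formed."""
    problems = []
    if not re.fullmatch(r"0x[0-9A-Fa-f]+", iocs["mesh_id"] or ""):
        problems.append("MeshID is not 0x-prefixed hex")
    if not re.fullmatch(r"[0-9A-Fa-f]+", iocs["server_id"] or ""):
        problems.append("ServerID is not hex")
    # Both values on this page are 96 hex digits, i.e. 48 bytes (384 bits).
    if iocs["mesh_id_bytes"] != 48 or iocs["server_id_bytes"] != 48:
        problems.append("identifier length is not 48 bytes")
    if not (iocs["wss"].startswith("wss://") and iocs["c2_host"] and iocs["c2_path"]):
        problems.append("MeshServer is not a usable wss:// URL")
    return problems


if __name__ == "__main__":
    # Against a real sample: blob = open(path, "rb").read()
    found = settings_to_iocs(extract_msh_settings(SAMPLE_BINARY))
    for name, value in found.items():
        print(f"{name}: {value}")
    print("problems:", sanity_check(found) or "none")
```

The report lists the C2 as `http://` with the same host, port and path as the wss URL; if you want that form, rewrite the scheme on the parsed URL rather than hard-coding it, and feed `c2_host`/`c2_port` into your blocklist or detection content.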

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2024-11-30_b34f6111ac20300eec3fc2d6abece43f_ismagent_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476