General

  • Target

    2024-12-04_4f2a94591d64443489e09f68e1e2b6d9_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241204-ngxaaayqal

  • MD5

    4f2a94591d64443489e09f68e1e2b6d9

  • SHA1

    1bfff35041ed2430fa5fae71e8af137648a239dd

  • SHA256

    a5ee886705d86a104f7e201328167d28d7332f9912c52ca314aa579c8995f890

  • SHA512

    3915f2173acc96d0b1a9660984d13ed627c65e999812af531c213d6b75c388c16a8b7421650203f6d5df0add080dc4be9228b4a3614503f6116a444b5152f2cc

  • SSDEEP

    49152:zX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qw:zlRsZ47/QXoHUOfAoj1x6w

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

OffshoreServer

C2

http://benitolocker.pro:443/agent.ashx

Attributes
  • mesh_id

    0x7691D241BC3774282423ECC5E92B6ED28F52FB711DD3DF9D36DDF6F5D2D1A21D98301E08672CE96003F3D0791D8ED176

  • server_id

    1D4D11E707A7D5FA47BFB4705F74843B96142CDB21117F5A3F5234811772E225E16EBCE327C6F43112BF2E84F9D71D7D

  • wss

    wss://benitolocker.pro:443/agent.ashx

Targets

    • Target

      2024-12-04_4f2a94591d64443489e09f68e1e2b6d9_ismagent_ryuk_sliver

    Score
    1/10
