Overview

overview

10

Static

static

10

2024-12-10...er.exe

windows7-x64

1

2024-12-10...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-10_f311f67747d57f8e70b19e399885d341_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241210-w5drvatjby

  • MD5

    f311f67747d57f8e70b19e399885d341

  • SHA1

    ca8056aa2695de8e998fa0f2814995a1bd55aa54

  • SHA256

    c22d67153a3235c45b1cf725a39d6bc98fb8d8243ec2c13264ae6e434125df12

  • SHA512

    1be7681e30252bbaece12e05446e5c3af3581ad9b5b2c9199441b1c9b629bf6f4b7e8a47feefd772b3f2b4a20e1dc5144411eea6d7f83976f3a3004e910f3c83

  • SSDEEP

    49152:wX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q7:wlRsZ47/QXoHUOfAoj1x67

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.microtiq.com:443/agent.ashx

Attributes
  • mesh_id

    0x038972B341D39220519A5FE5D7A92B93F69C836AD4E1EACFE6066BEB067C537DFECA218FB7ED2FF6D1B1A2CCB5DB43CA

  • server_id

    B228846B3E73AE6D2A411403E15A8630E9B926A020C682FC40352303BFFFF7BFF307C3C78895436B4610631A391333F7

  • wss

    wss://mesh.microtiq.com:443/agent.ashx

Targets

    • Target

      2024-12-10_f311f67747d57f8e70b19e399885d341_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      f311f67747d57f8e70b19e399885d341

    • SHA1

      ca8056aa2695de8e998fa0f2814995a1bd55aa54

    • SHA256

      c22d67153a3235c45b1cf725a39d6bc98fb8d8243ec2c13264ae6e434125df12

    • SHA512

      1be7681e30252bbaece12e05446e5c3af3581ad9b5b2c9199441b1c9b629bf6f4b7e8a47feefd772b3f2b4a20e1dc5144411eea6d7f83976f3a3004e910f3c83

    • SSDEEP

      49152:wX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q7:wlRsZ47/QXoHUOfAoj1x67

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks