General

  • Target

    2024-12-11_341be12c967618ec1f15c1a5abd93f23_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241211-qnhftaymfn

  • MD5

    341be12c967618ec1f15c1a5abd93f23

  • SHA1

    3aeb6aa534138682d70173cd4a7d3d02a948cfe1

  • SHA256

    94552c3cf5c6fd5b158c621d990fa378e8297de6b349b3f1481483596fdc2dd6

  • SHA512

    65d473b85dd0637dde4d485ef3bbd7ce322a2bf56c7d2c920b3d2388ed5ecc154df717ada42186bb99a2679fed3f0f5b902bd1d7dee6b923f3b941fc54fe65e4

  • SSDEEP

    49152:kX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QU:klRsZ47/QXoHUOfAoj1x6U

Score
10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    STS

  • C2

    http://rd.hilsa.ru:443/agent.ashx

Attributes
  • mesh_id

    0x08E17B3B4EE1F49166E86BB640C448CA61BEF0C84D0DB91FB8D805D7F89B828AC5F0C06A6AAD6791ECD7DBE13C5F9711

  • server_id

    9A101DC5B6D6A6A8D8630A93A9737D2A930969808D133C8274391E1BB9FA65A0305FC28F860F68A03247438F3FEE32D0

  • wss

    wss://rd.hilsa.ru:443/agent.ashx

Targets

    • Target

      2024-12-11_341be12c967618ec1f15c1a5abd93f23_ismagent_ryuk_sliver

    Score
    1/10
