Overview

overview

10

Static

static

10

2024-12-11...er.exe

windows7-x64

1

2024-12-11...er.exe

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    2024-12-11_4a5286e6736e3a8c9f57ef41d3275ea7_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241211-w1kdtsyjfq

  • MD5

    4a5286e6736e3a8c9f57ef41d3275ea7

  • SHA1

    23ea801f1ef53558095779cb29d8e98c7d0b0435

  • SHA256

    718cc9934a6584c5fe32637f5cc024c9eddb1a55bb67f5d604493087ecc32595

  • SHA512

    c9c2cc266338ba96650479ca4f88b2952d5d8b04ebb5c66d429f6dd19855c0bc56bfe1a4472daae7d6de06ec1706870f6357a1327172f14a94fe1aa2c38f6267

  • SSDEEP

    49152:cX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qu:clRsZ47/QXoHUOfAoj1x6u

Score
10/10
meshagentusers

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Users

C2

http://mesh.scriptkitty.wtf:443/agent.ashx

Attributes
  • mesh_id

    0x06E4F07EBC21FB37CB06A992D8EBB3180DE97DFC3E0C5D1D4FF74D1F0857BC1D6F45B1F46267DBAC3B09A79DDAEBCA75

  • server_id

    842E934DDC460F1D6476D55A449505E1551B8355463BBD20FF823A9A1784A884BB7E7BB1B897B6B324572B701241F7A2

  • wss

    wss://mesh.scriptkitty.wtf:443/agent.ashx

Targets

    • Target

      2024-12-11_4a5286e6736e3a8c9f57ef41d3275ea7_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      4a5286e6736e3a8c9f57ef41d3275ea7

    • SHA1

      23ea801f1ef53558095779cb29d8e98c7d0b0435

    • SHA256

      718cc9934a6584c5fe32637f5cc024c9eddb1a55bb67f5d604493087ecc32595

    • SHA512

      c9c2cc266338ba96650479ca4f88b2952d5d8b04ebb5c66d429f6dd19855c0bc56bfe1a4472daae7d6de06ec1706870f6357a1327172f14a94fe1aa2c38f6267

    • SSDEEP

      49152:cX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qu:clRsZ47/QXoHUOfAoj1x6u

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks