Overview

overview

10

Static

static

10

2024-12-14...er.exe

windows7-x64

1

2024-12-14...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-14_4357a4268b1066735d43644fce4c0d41_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241214-twy1bazjfp

  • MD5

    4357a4268b1066735d43644fce4c0d41

  • SHA1

    337c9347935aa1c6660238d5484609cfe14c03ee

  • SHA256

    d4f331b8d16df63a3550c7cd6a18d8d4da6aef267fe249a9a14e4173cf2efc00

  • SHA512

    b61fc522bc592c2ebf88b69e9b4180fcd2c3c9598cd99fb32c104a8191e2207a7bb543700861b165d4d07d4848e0449f67fe0d0d6131b628fa5ab1313561ab55

  • SSDEEP

    49152:GX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q+:GlRsZ47/QXoHUOfAoj1x6+

Score
10/10
meshagentbulutforce_group

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Bulutforce_Group

C2

http://uzak.bulutforce.com:3443/agent.ashx

Attributes
  • mesh_id

    0x34D21D55E7FAAC0C693850DD7862E690084F86E42B312F4D8FCE77CBDCBA9F8669EBB91F8A2D5015A4090A0E3A22B926

  • server_id

    40AFF13C44D2966DDBE65F6241A30D673A7715F98A9A4EB26C6056A7F3F9EB225EBAE4E039CA2879DA9CEC1D91A72AE5

  • wss

    wss://uzak.bulutforce.com:3443/agent.ashx

Targets

    • Target

      2024-12-14_4357a4268b1066735d43644fce4c0d41_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      4357a4268b1066735d43644fce4c0d41

    • SHA1

      337c9347935aa1c6660238d5484609cfe14c03ee

    • SHA256

      d4f331b8d16df63a3550c7cd6a18d8d4da6aef267fe249a9a14e4173cf2efc00

    • SHA512

      b61fc522bc592c2ebf88b69e9b4180fcd2c3c9598cd99fb32c104a8191e2207a7bb543700861b165d4d07d4848e0449f67fe0d0d6131b628fa5ab1313561ab55

    • SSDEEP

      49152:GX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q+:GlRsZ47/QXoHUOfAoj1x6+

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks