meshagent | e85fddfefe038db913c23f059dd0247160e38bb0ed35a7b79812be209919098d | Triage

Sharing

General

Target

2024-12-14_5b111e03e3a1ae1fa39b8975fce007b6_ismagent_ryuk_sliver
Size

3.3MB
Sample

241214-y61n4svmdn
MD5

5b111e03e3a1ae1fa39b8975fce007b6
SHA1

b7caf05df20214f600d6911f78bb6e0c8e14a8d1
SHA256

e85fddfefe038db913c23f059dd0247160e38bb0ed35a7b79812be209919098d
SHA512

62393387acdedc62ccffafeb159b3709250670ed03fcecb9c67536c0548667be1f3280e12e19f2a2db27ecf817ccebb647e4a3844d8a3df44c83a750af3b5f02
SSDEEP

49152:6X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qt:6lRsZ47/QXoHUOfAoj1x6t

Score

10^/10

meshagent news

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

NEWS

C2

http://81.161.238.72:443/agent.ashx

Attributes

mesh_id
0xB37C5714C68C8894605868E1D853EF17F43B6F71FC7458542796E1A5C7DE0168F9397928AE7D1C9F16962C419C0F0A06
server_id
222F5FD12B2EDABDC516BF5B711369DF0E312B41FBDF14B860870239F33F24073BC6C161550FD057502E7EF9AA5B025A
wss
wss://81.161.238.72:443/agent.ashx

Targets

- Target
  
  2024-12-14_5b111e03e3a1ae1fa39b8975fce007b6_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  5b111e03e3a1ae1fa39b8975fce007b6
- SHA1
  
  b7caf05df20214f600d6911f78bb6e0c8e14a8d1
- SHA256
  
  e85fddfefe038db913c23f059dd0247160e38bb0ed35a7b79812be209919098d
- SHA512
  
  62393387acdedc62ccffafeb159b3709250670ed03fcecb9c67536c0548667be1f3280e12e19f2a2db27ecf817ccebb647e4a3844d8a3df44c83a750af3b5f02
- SSDEEP
  
  49152:6X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qt:6lRsZ47/QXoHUOfAoj1x6t
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2