Overview

overview

10

Static

static

10

2024-12-18...er.exe

windows7-x64

1

2024-12-18...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-18_f1b261f87be94f2a799ab6e2c7206584_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241218-pvq6vsyqhx

  • MD5

    f1b261f87be94f2a799ab6e2c7206584

  • SHA1

    879ce21ac6723ba75c887ab10664fe349c1a3d24

  • SHA256

    9c926fbd1f2848f013073504c5bac57478bb1ad7ba0642ecb833eb5c7cbcefd8

  • SHA512

    bcbebc6376d75276b858b8fe154e5f9db24dec8cf20fd368be3f6188ec0332d48649dea020820bc59899971c568e58dd5a75a06831e5fbc797425233c448660a

  • SSDEEP

    49152:vX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD6:vlRsZ47/QXoHUOfAoj1x6G

Score
10/10
meshagentjan

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Jan

C2

http://mca.drijversbusinessgroup.com:6444/agent.ashx

Attributes
  • mesh_id

    0x0C308929090BCCA5BAB8EA048CF002323C3FD75FA29FC9B475325B3F550156E4A9306FB40F06E127D791F2FE88BBC517

  • server_id

    C744FF7728B136B080C56233C9647AE9CA6FE3D8540F312B1CF4F696669812A9B8236BB0C56B9BD49033B53D5DB96C1D

  • wss

    wss://mca.drijversbusinessgroup.com:6444/agent.ashx

Targets

    • Target

      2024-12-18_f1b261f87be94f2a799ab6e2c7206584_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      f1b261f87be94f2a799ab6e2c7206584

    • SHA1

      879ce21ac6723ba75c887ab10664fe349c1a3d24

    • SHA256

      9c926fbd1f2848f013073504c5bac57478bb1ad7ba0642ecb833eb5c7cbcefd8

    • SHA512

      bcbebc6376d75276b858b8fe154e5f9db24dec8cf20fd368be3f6188ec0332d48649dea020820bc59899971c568e58dd5a75a06831e5fbc797425233c448660a

    • SSDEEP

      49152:vX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QD6:vlRsZ47/QXoHUOfAoj1x6G

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks