Overview

overview

10

Static

static

10

2024-12-26...er.exe

windows7-x64

1

2024-12-26...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-26_20941c81c4583a4059a5124d94e903fd_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241226-efgnrswpan

  • MD5

    20941c81c4583a4059a5124d94e903fd

  • SHA1

    4b8b4b88225724cae3189a2f3a2b4e8b4573af34

  • SHA256

    b263a0eebdf0f5c7454b20301d339970807270c55eda64ecd24300930b2c33b8

  • SHA512

    0f13f93f4eda3f23294411d8c638891af2903f02b7495ae2a2009cfbc5bec5885b539f24af351ae00e67b14ed2362d245797fc193ef061eb4084144909dc9398

  • SSDEEP

    49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeH5W:AlRsZ47/QXoHUOfAoj1qQ

Score
10/10
meshagentin work

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

In Work

C2

http://svc.odwebp.com:443/agent.ashx

Attributes
  • mesh_id

    0xB7A0A1B0F8F629ED87A30F70A87024B5A1F792A2D9FB4D07808A233BC913A980429ACCB067292FC4283A1D2D9519AE63

  • server_id

    C124876C541773871C230C34134AE728E14C628B32D0945B9C56C620D36751541CFD864EB5BF5919C8F9E77F5F731F49

  • wss

    wss://svc.odwebp.com:443/agent.ashx

Targets

    • Target

      2024-12-26_20941c81c4583a4059a5124d94e903fd_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      20941c81c4583a4059a5124d94e903fd

    • SHA1

      4b8b4b88225724cae3189a2f3a2b4e8b4573af34

    • SHA256

      b263a0eebdf0f5c7454b20301d339970807270c55eda64ecd24300930b2c33b8

    • SHA512

      0f13f93f4eda3f23294411d8c638891af2903f02b7495ae2a2009cfbc5bec5885b539f24af351ae00e67b14ed2362d245797fc193ef061eb4084144909dc9398

    • SSDEEP

      49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeH5W:AlRsZ47/QXoHUOfAoj1qQ

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks