Overview

overview

10

Static

static

10

2024-12-27...er.exe

windows7-x64

1

2024-12-27...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-27_bff9c77a6eb8ba7647a6b2fc9ddf6019_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241227-mjmm7avjcp

  • MD5

    bff9c77a6eb8ba7647a6b2fc9ddf6019

  • SHA1

    10a83dc4e9ebd183c5bca6145baf5d3fc6154c2a

  • SHA256

    879f05e12eb04b6694788f651d258fb0a2dc7f86c5d995d96a403960cca3de39

  • SHA512

    3f85a291e365b0a4ecb247d202fa3e171b37c6c9cadac772b1eb413056e4eb5dc4849e9c73d13c0da62f8bca75cdd3d7d7332fc8850f1fb5d17d230ecdd8ed75

  • SSDEEP

    49152:EX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q8:ElRsZ47/QXoHUOfAoj1x68

Score
10/10
meshagentbentwood

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

BENTWOOD

C2

http://itdobro.ru:443/agent.ashx

Attributes
  • mesh_id

    0xBB112163C71F641E084C3263DB40925C97B027ABC751FE1DCB436E463536E6CC0B85E65077763F27673B0C4BB4FD8778

  • server_id

    790FFF105FCF9D4DA0A56EA117C7C6BF3DF2FCF0E0FA67C7B77C741E21538E85E6B431F13C8E9C558C855A607F929FBA

  • wss

    wss://itdobro.ru:443/agent.ashx

Targets

    • Target

      2024-12-27_bff9c77a6eb8ba7647a6b2fc9ddf6019_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      bff9c77a6eb8ba7647a6b2fc9ddf6019

    • SHA1

      10a83dc4e9ebd183c5bca6145baf5d3fc6154c2a

    • SHA256

      879f05e12eb04b6694788f651d258fb0a2dc7f86c5d995d96a403960cca3de39

    • SHA512

      3f85a291e365b0a4ecb247d202fa3e171b37c6c9cadac772b1eb413056e4eb5dc4849e9c73d13c0da62f8bca75cdd3d7d7332fc8850f1fb5d17d230ecdd8ed75

    • SSDEEP

      49152:EX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q8:ElRsZ47/QXoHUOfAoj1x68

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks