Overview

overview

10

Static

static

10

2025-01-02...er.exe

windows7-x64

1

2025-01-02...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-02_45ead0b1a2016b9a139172d60ef602c9_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250102-sxf1fswpgx

  • MD5

    45ead0b1a2016b9a139172d60ef602c9

  • SHA1

    edc75420f2481e0b846d94b5520d6d3d0180ecb3

  • SHA256

    b795f15827e4da7d5218c855209164ba33ca8f21b5ac15d54a91887e81373609

  • SHA512

    d05c23397a8048df9b674b16cae7af818be81fd5ca9e1895f712f92bf5e7335fb7a62c2062096179bb1d939e58b6b0d908ed75beec72bdd3437e56017bfcba89

  • SSDEEP

    49152:ZX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qq:ZlRsZ47/QXoHUOfAoj1x6q

Score
10/10
meshagentjeremy-private

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Jeremy-Private

C2

http://vmmeshcentral.valcousa.valcocincinnatiinc.com:443/agent.ashx

Attributes
  • mesh_id

    0x62C68B96C7642AC94AAFECF1373ABBFB80199E319C9ED1546AF22FBC4703F26FE331C021E2F6316DEA21D22BE9EC3141

  • server_id

    A83B77A5DF7430CCF87EA742D536FFB48DADA0D76FBA37E38D80B84D7D3C2299A343497F112AF2813E143A71E1E506E0

  • wss

    wss://vmmeshcentral.valcousa.valcocincinnatiinc.com:443/agent.ashx

Targets

    • Target

      2025-01-02_45ead0b1a2016b9a139172d60ef602c9_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      45ead0b1a2016b9a139172d60ef602c9

    • SHA1

      edc75420f2481e0b846d94b5520d6d3d0180ecb3

    • SHA256

      b795f15827e4da7d5218c855209164ba33ca8f21b5ac15d54a91887e81373609

    • SHA512

      d05c23397a8048df9b674b16cae7af818be81fd5ca9e1895f712f92bf5e7335fb7a62c2062096179bb1d939e58b6b0d908ed75beec72bdd3437e56017bfcba89

    • SSDEEP

      49152:ZX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qq:ZlRsZ47/QXoHUOfAoj1x6q

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks