Overview

overview

10

Static

static

10

2025-01-03...er.exe

windows7-x64

1

2025-01-03...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-03_580fc5d7486b62bb10bbcfb84f208771_ismagent_ryuk_sliver

  • Size

    3.4MB

  • Sample

    250103-mg84ea1pej

  • MD5

    580fc5d7486b62bb10bbcfb84f208771

  • SHA1

    ccc632881de8c0c744f3ea43db5b6ef03ca817a7

  • SHA256

    9e5d8cc34801065b5de81da32feae68b4b43c64eb764a79666f3938f5543e84a

  • SHA512

    bdb8cb20f0e77c1b122149741256e9ab418fe70094df015de66b4ba69bc866c1843edfd88fd86032d9b7aa222a275b7d411c12558e58af6b4713ce96e832baaa

  • SSDEEP

    49152:MX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQed5k:MlRsZ47/QXoHUOfAoj1I+

Score
10/10
meshagentrobin

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

robin

C2

http://remoteshare.in:443/agent.ashx

Attributes
  • mesh_id

    0xE58B5309E2E904C809F4EAFEF58ABCC21BBB31CAB12D2159774311B1DDB301025FE559E8E2AD1F392665F28E9DD69B7B

  • server_id

    C6DE5260F3DF733E712F21316EE6EE643ABC568C44EC1AE991C57525DD26FAF883ED8D9A208F6CD34C3CC1CF7943ECD7

  • wss

    wss://remoteshare.in:443/agent.ashx

Targets

    • Target

      2025-01-03_580fc5d7486b62bb10bbcfb84f208771_ismagent_ryuk_sliver

    • Size

      3.4MB

    • MD5

      580fc5d7486b62bb10bbcfb84f208771

    • SHA1

      ccc632881de8c0c744f3ea43db5b6ef03ca817a7

    • SHA256

      9e5d8cc34801065b5de81da32feae68b4b43c64eb764a79666f3938f5543e84a

    • SHA512

      bdb8cb20f0e77c1b122149741256e9ab418fe70094df015de66b4ba69bc866c1843edfd88fd86032d9b7aa222a275b7d411c12558e58af6b4713ce96e832baaa

    • SSDEEP

      49152:MX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQed5k:MlRsZ47/QXoHUOfAoj1I+

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks