Overview

overview

10

Static

static

10

2025-01-05...er.exe

windows7-x64

1

2025-01-05...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-05_29437f8a46bf3c6c7b5b25ca6bea5642_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250105-kgvjxayna1

  • MD5

    29437f8a46bf3c6c7b5b25ca6bea5642

  • SHA1

    e60ad6bcecc540c8bd7e0004b0f783d0875bbfea

  • SHA256

    d248116a03216fa47c5dcf8eaa06d6419c824d68c51e7ce189bb19701a0e8e41

  • SHA512

    ac57dd9e99b8fa22fbb16127c3eb45939a6ee8dbc769168e3019b6767964f4b4b25338c267f9241481a7414bf259129ba41b7c975bea45053b4032a11378dd61

  • SSDEEP

    49152:iX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q0:ilRsZ47/QXoHUOfAoj1x60

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.duxlab.info:443/agent.ashx

Attributes
  • mesh_id

    0x581AA57501B26E8CDFBE1ADACDDCD536DA32F25224D163B2242F8670E94CDB3B4158DA15762E340060EA92737AC95D37

  • server_id

    DE394B3F0EC1A9D2A367BBCEEF699DD78804DB100350CC2D76453AB3339C06ABB653D2DFE1F7F2049D0056AFF9660FA1

  • wss

    wss://mesh.duxlab.info:443/agent.ashx

Targets

    • Target

      2025-01-05_29437f8a46bf3c6c7b5b25ca6bea5642_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      29437f8a46bf3c6c7b5b25ca6bea5642

    • SHA1

      e60ad6bcecc540c8bd7e0004b0f783d0875bbfea

    • SHA256

      d248116a03216fa47c5dcf8eaa06d6419c824d68c51e7ce189bb19701a0e8e41

    • SHA512

      ac57dd9e99b8fa22fbb16127c3eb45939a6ee8dbc769168e3019b6767964f4b4b25338c267f9241481a7414bf259129ba41b7c975bea45053b4032a11378dd61

    • SSDEEP

      49152:iX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q0:ilRsZ47/QXoHUOfAoj1x60

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks