meshagent | 4c4c9a49ebef023dd298e7bb66d1e2bc44b31dda011e06e0e72fee473a488919 | Triage

Sharing

General

Target

2025-01-13_4134e97f4c04b4a26b9404afcffbcab5_ismagent_ryuk_sliver
Size

3.3MB
Sample

250113-mfh6laykes
MD5

4134e97f4c04b4a26b9404afcffbcab5
SHA1

ed0abc410ff164307e2faef0268b805b2b9dc023
SHA256

4c4c9a49ebef023dd298e7bb66d1e2bc44b31dda011e06e0e72fee473a488919
SHA512

f9d8df1075ac90d83e72d0d1c407e368fb8fdc746cf1c7e9ef4cb95332dadb15744d9363b57767a6fe5c3c02d7a262519379c7d3a7593db471ccfd41b4a4462d
SSDEEP

49152:YX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QJ:YlRsZ47/QXoHUOfAoj1x6J

Score

10^/10

meshagent nikoffice

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

NikOffice

C2

http://alexsmirnoff.xyz:444/agent.ashx

Attributes

mesh_id
0x34F00541AEB5820E2455BB455AB13401BD93C363C0D1966D8C8B977D412C01B6D4F63C87832C10781FFAEF6D4594F8BB
server_id
CE392CF2A6C84F8A17EAC204C5A5CB71A08783E65B612B64AE6AA1FA3E4459FC6772C09682E7659F86A9D83F8AF3C28B
wss
wss://alexsmirnoff.xyz:444/agent.ashx

Targets

- Target
  
  2025-01-13_4134e97f4c04b4a26b9404afcffbcab5_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  4134e97f4c04b4a26b9404afcffbcab5
- SHA1
  
  ed0abc410ff164307e2faef0268b805b2b9dc023
- SHA256
  
  4c4c9a49ebef023dd298e7bb66d1e2bc44b31dda011e06e0e72fee473a488919
- SHA512
  
  f9d8df1075ac90d83e72d0d1c407e368fb8fdc746cf1c7e9ef4cb95332dadb15744d9363b57767a6fe5c3c02d7a262519379c7d3a7593db471ccfd41b4a4462d
- SSDEEP
  
  49152:YX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QJ:YlRsZ47/QXoHUOfAoj1x6J
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

nikofficemeshagent

behavioral1

behavioral2