Overview

overview

10

Static

static

10

2025-01-14...er.exe

windows7-x64

1

2025-01-14...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-14_08bd17c65fabd3ff98eb381fa266bc27_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250114-s186ea1rez

  • MD5

    08bd17c65fabd3ff98eb381fa266bc27

  • SHA1

    20ef1a721a6d264bbbbf6cc388da24e897076c2c

  • SHA256

    7ec2abc3e780440b44ae302f34ef0f11073c49455d425188380a053d204a6978

  • SHA512

    67ae231a2759832240962aa08d34a87d15f2497bd3f42253e137291aab7c9750a3fcfff5bb2fd5617e53b39c3a81ddb34df320531cc75dc623c573eb4b8d1ed7

  • SSDEEP

    49152:FX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QQ:FlRsZ47/QXoHUOfAoj1x6Q

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.nonocloud.tech:443/agent.ashx

Attributes
  • mesh_id

    0x91EB250AE236D5A2C5856923071A7233A5B7FEEAF6D614C521F5C870C932CA12BF999C9CAD916D39A1D321C47DE7E424

  • server_id

    7A727A11AF451477BA09BB458F533DD79047A36093FDBCD488F27D8EE1030BCFBA558A8CC01F383C6033337985379B96

  • wss

    wss://mesh.nonocloud.tech:443/agent.ashx

Targets

    • Target

      2025-01-14_08bd17c65fabd3ff98eb381fa266bc27_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      08bd17c65fabd3ff98eb381fa266bc27

    • SHA1

      20ef1a721a6d264bbbbf6cc388da24e897076c2c

    • SHA256

      7ec2abc3e780440b44ae302f34ef0f11073c49455d425188380a053d204a6978

    • SHA512

      67ae231a2759832240962aa08d34a87d15f2497bd3f42253e137291aab7c9750a3fcfff5bb2fd5617e53b39c3a81ddb34df320531cc75dc623c573eb4b8d1ed7

    • SSDEEP

      49152:FX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QQ:FlRsZ47/QXoHUOfAoj1x6Q

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks