Overview

overview

10

Static

static

10

2025-01-17...er.exe

windows7-x64

1

2025-01-17...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-17_46e9f32aae20a39cb77dc67328780028_ismagent_ryuk_sliver

  • Size

    3.4MB

  • Sample

    250117-b6pkhsxrbx

  • MD5

    46e9f32aae20a39cb77dc67328780028

  • SHA1

    020e4b4a36fb6d3cc46a4af7d609936137fee40f

  • SHA256

    44775029f1c2af2fab6e633678bd8087c8422dc852db67b48680b60878f7e9dd

  • SHA512

    c615e69b32cbb1b10e7f2081f5eebfa940fe54e29e25e679df81d12d44c5a5f512d61dea5d723bf6bcd772789ace2e889c011b5811e487b43627b3dfdc886f60

  • SSDEEP

    49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeG5Ro:PlRsZ47/QXoHUOfAoj1bPo

Score
10/10
meshagentwork

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Work

C2

http://svc.domngn.com:443/agent.ashx

Attributes
  • mesh_id

    0x1402D1DD0CE9DF8279B292A95BF9D505208B4938710CC2F4024C18D802603325A0014D58AC0FAD4D7E9CEEAD748F7700

  • server_id

    405AB0FACF1D3A0959CD0B5B7A54BC2A4B9CD903A6DE863547BA797846F866038226A3EE9C97E847929FCAA70EDF8282

  • wss

    wss://svc.domngn.com:443/agent.ashx

Targets

    • Target

      2025-01-17_46e9f32aae20a39cb77dc67328780028_ismagent_ryuk_sliver

    • Size

      3.4MB

    • MD5

      46e9f32aae20a39cb77dc67328780028

    • SHA1

      020e4b4a36fb6d3cc46a4af7d609936137fee40f

    • SHA256

      44775029f1c2af2fab6e633678bd8087c8422dc852db67b48680b60878f7e9dd

    • SHA512

      c615e69b32cbb1b10e7f2081f5eebfa940fe54e29e25e679df81d12d44c5a5f512d61dea5d723bf6bcd772789ace2e889c011b5811e487b43627b3dfdc886f60

    • SSDEEP

      49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeG5Ro:PlRsZ47/QXoHUOfAoj1bPo

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks