General

  • Target

    2025-01-21_f1e069f4ad006d534a245568af920de7_ismagent_ryuk_sliver

  • Size

    3.4MB

  • Sample

    250121-kbfhssvncw

  • MD5

    f1e069f4ad006d534a245568af920de7

  • SHA1

    72f997327faf63b59330c271051ee35d2a41c744

  • SHA256

    b8a03af7363139c3f30eeeb0e83ccfcc99279b92eb431f21409719d5bb15a5be

  • SHA512

    eb757ddf795ae667a8b9ae6272618a26cdcc62de8348f2c14b309b45ac5913468d72842b70f72c3e3f016df78aff437c23028527f1f31fa784bbd3f931a99ffd

  • SSDEEP

    49152:FX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQex5v:FlRsZ47/QXoHUOfAoj1oJ

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

DGASPCTM

C2

http://remote.tcore.net:443/agent.ashx

Attributes
  • mesh_id

    0xA49805526C5F20757F385B04B4CE29D70B9C55B60C9E6E7295E0D412B0E276B56F7997835B08B52AE3DAAF9470A89AC2

  • server_id

    46C4B90DDD18C1EE7472C928019678BF77BA7238D7A8B6CC0101FCDB8457BB1EE8A9136AD72828AA246E7788CB49E2A7

  • wss

    wss://remote.tcore.net:443/agent.ashx

Targets

    • Target

      2025-01-21_f1e069f4ad006d534a245568af920de7_ismagent_ryuk_sliver

    Score
    1/10
