meshagent | 46b327baf87458e04f029d2217cd7592d9c81cc102c9ed454aef3c8b091c28f3 | Triage

Sharing

General

Target

2025-01-21_f600a633b81e6e21d8077ccc8896bfa3_ismagent_ryuk_sliver
Size

3.3MB
Sample

250121-rt1p1sxrbx
MD5

f600a633b81e6e21d8077ccc8896bfa3
SHA1

89763121e5e8c3e032d8f7254bfaf6caaf0f07de
SHA256

46b327baf87458e04f029d2217cd7592d9c81cc102c9ed454aef3c8b091c28f3
SHA512

1e8596a64413d954f854516a72cd738696280e98133681ad644002a08c8aa761100abee229e92b40613f7c6cdd776eda799f0bbcc3e4aa903bda6c28f513d981
SSDEEP

49152:hX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qq:hlRsZ47/QXoHUOfAoj1x6q

Score

10^/10

meshagent tacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.it.zbilk.szczecin.pl:443/agent.ashx

Attributes

mesh_id
0x5A440764366E1F8431EA09A6C9631BA211A7CBDE82B913C2D415AD1D75BF26C0F0062E8579B090A45B7BF6D425575E53
server_id
13D9298547191EB8B949F52E4A3A1D728C30AC8A78B8019EBFA8C9DAF7C32F00ACD7B0ED327D9697F886CCD73C0DB9A9
wss
wss://mesh.it.zbilk.szczecin.pl:443/agent.ashx

Targets

- Target
  
  2025-01-21_f600a633b81e6e21d8077ccc8896bfa3_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  f600a633b81e6e21d8077ccc8896bfa3
- SHA1
  
  89763121e5e8c3e032d8f7254bfaf6caaf0f07de
- SHA256
  
  46b327baf87458e04f029d2217cd7592d9c81cc102c9ed454aef3c8b091c28f3
- SHA512
  
  1e8596a64413d954f854516a72cd738696280e98133681ad644002a08c8aa761100abee229e92b40613f7c6cdd776eda799f0bbcc3e4aa903bda6c28f513d981
- SSDEEP
  
  49152:hX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qq:hlRsZ47/QXoHUOfAoj1x6q
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

tacticalrmmmeshagent

behavioral1

behavioral2