Overview

overview

10

Static

static

10

2025-01-23...er.exe

windows7-x64

1

2025-01-23...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-23_eba20653c84f340b958d1a6a2ad946cc_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250123-h95t8syqhv

  • MD5

    eba20653c84f340b958d1a6a2ad946cc

  • SHA1

    cc77d4cd4567934298208f9f61fd2196bae5979c

  • SHA256

    0a4d418e880ad47fac4d6f57f580bb6d03d4a25d2bca596e3a3807308cd2c50b

  • SHA512

    4de65e8c3baec5d44a9d978c00caf360803e87d305e0b595fec0672283434f7e87974ff5091bdde91e385ccda788174dcdd79d11407ab70ce956711978127441

  • SSDEEP

    49152:LX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQef5Y:LlRsZ47/QXoHUOfAoj1iG

Score
10/10
meshagentepb

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

EPB

C2

http://ec2-100-24-38-226.compute-1.amazonaws.com:443/agent.ashx

Attributes
  • mesh_id

    0x8394524FF8540F58DC8A9419A0A2C97FE56C74D794032FF00DE1F1576669525765A949D1BE629B8EBFA2141182F58830

  • server_id

    DB70C5BEF3B60ECA757B5BFC260FDB0483F57AA513F6397AC758C3FCCFF694B093B1C27765342A4AC5214AC9942E9B78

  • wss

    wss://ec2-100-24-38-226.compute-1.amazonaws.com:443/agent.ashx

Targets

    • Target

      2025-01-23_eba20653c84f340b958d1a6a2ad946cc_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      eba20653c84f340b958d1a6a2ad946cc

    • SHA1

      cc77d4cd4567934298208f9f61fd2196bae5979c

    • SHA256

      0a4d418e880ad47fac4d6f57f580bb6d03d4a25d2bca596e3a3807308cd2c50b

    • SHA512

      4de65e8c3baec5d44a9d978c00caf360803e87d305e0b595fec0672283434f7e87974ff5091bdde91e385ccda788174dcdd79d11407ab70ce956711978127441

    • SSDEEP

      49152:LX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQef5Y:LlRsZ47/QXoHUOfAoj1iG

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks