Overview

overview

10

Static

static

10

2025-01-27...er.exe

windows7-x64

1

2025-01-27...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-27_e27ae317723b511bfec3090c9500a438_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250127-txj8jsxqaq

  • MD5

    e27ae317723b511bfec3090c9500a438

  • SHA1

    4616b111e4c55819f77cf8ee4012fa071bb398f0

  • SHA256

    979bdefab85f1693ad27e7ba8e2c12b344e7655ab7770a5e32b183e1c3459d97

  • SHA512

    b8ca719a6bb9164e2b28923424c7f2e8f46bd5b416cd26ec3400bf566e3b1b50459d76bbeba24dc15c1e20dca0ed10be9ed3ecf73ac6c2a1cd0c2e0abe53aa04

  • SSDEEP

    49152:oX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qi:olRsZ47/QXoHUOfAoj1x6i

Score
10/10
meshagentuniqa

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Uniqa

C2

http://192.168.1.20:443/agent.ashx

Attributes
  • mesh_id

    0x39FBF3A279B5A74EBE1DAD6609BCE7EE16E95E2D53C7DB499D1567EF70C46623F87D6A99ABCA9D429CCCFCC76E2C771F

  • server_id

    79DF38562EE6C6F121E1597A999868BACAE682B7CC168B37FC9D2BC6306B449AFB6870BD439735D62B29715A10D84BBB

  • wss

    wss://192.168.1.20:443/agent.ashx

Targets

    • Target

      2025-01-27_e27ae317723b511bfec3090c9500a438_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      e27ae317723b511bfec3090c9500a438

    • SHA1

      4616b111e4c55819f77cf8ee4012fa071bb398f0

    • SHA256

      979bdefab85f1693ad27e7ba8e2c12b344e7655ab7770a5e32b183e1c3459d97

    • SHA512

      b8ca719a6bb9164e2b28923424c7f2e8f46bd5b416cd26ec3400bf566e3b1b50459d76bbeba24dc15c1e20dca0ed10be9ed3ecf73ac6c2a1cd0c2e0abe53aa04

    • SSDEEP

      49152:oX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qi:olRsZ47/QXoHUOfAoj1x6i

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks