Overview

overview

10

Static

static

10

2025-01-28...er.exe

windows7-x64

1

2025-01-28...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-28_65971a416088881285006d25ca71fb46_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250128-nh9a8sxkbw

  • MD5

    65971a416088881285006d25ca71fb46

  • SHA1

    a66eb0ed4f44e57e6d81398f71bf762674b26d9e

  • SHA256

    47bf59df1a42c84d9c40566a996c1d457c386933975c41ae9c4ba1c1d20d73ce

  • SHA512

    bd4b8817c6fd6c227eb30482527c0087b8be722e3ed8be06a56f0883807ebc3fdc055a85df5c10b3f1593f22ca4d3d49e80de2cfa8d8d1b002cf58c80e740a13

  • SSDEEP

    49152:jX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QG:jlRsZ47/QXoHUOfAoj1x6G

Score
10/10
meshagentgrenoble 6

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Grenoble 6

C2

http://mesh.naturavelo.net:8800/agent.ashx

Attributes
  • mesh_id

    0xA8782FFCA3D74BC4762CCC677803E7F2A59F177A153A46D134A7F3F32F94CBFF525ABB23AF28B5C160433FDBB23949EB

  • server_id

    6FE426E27548B07AB9AD8BBAB5B42533EE8BE342D12C6558107C64AD372A80B5D0E388A642CCCC7826D3311CA7F5797F

  • wss

    wss://mesh.naturavelo.net:8800/agent.ashx

Targets

    • Target

      2025-01-28_65971a416088881285006d25ca71fb46_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      65971a416088881285006d25ca71fb46

    • SHA1

      a66eb0ed4f44e57e6d81398f71bf762674b26d9e

    • SHA256

      47bf59df1a42c84d9c40566a996c1d457c386933975c41ae9c4ba1c1d20d73ce

    • SHA512

      bd4b8817c6fd6c227eb30482527c0087b8be722e3ed8be06a56f0883807ebc3fdc055a85df5c10b3f1593f22ca4d3d49e80de2cfa8d8d1b002cf58c80e740a13

    • SSDEEP

      49152:jX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QG:jlRsZ47/QXoHUOfAoj1x6G

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks