Overview

overview

10

Static

static

10

2025-01-29...er.exe

windows7-x64

1

2025-01-29...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-29_5c8b45ef15e7403310baf2638215024e_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250129-zmv5ysxrbr

  • MD5

    5c8b45ef15e7403310baf2638215024e

  • SHA1

    80bc63afd3e6d64943eff904b04ea9ecb9858c16

  • SHA256

    76fb9a5b8606da2d4e0222a38b6637456a5c96e81755cf440703f4d431856f6e

  • SHA512

    4492f3ade57f74208b9bbb0d73eb340b0d88ec846ad6af9333e286d5dc6b7a2ebb6f9dcdd5f42a3198c190c2ca52349413f0cbf42c91f8637c42e82b6dbd624a

  • SSDEEP

    49152:BX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q1:BlRsZ47/QXoHUOfAoj1x61

Score
10/10
meshagentwork

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

work

C2

http://13.53.134.114:443/agent.ashx

Attributes
  • mesh_id

    0x7BF885580419C54C52DE85C683F7A26CB320CFD605D12C6AF659B1242A766D527AB7A6D19F64A6846E64F90B120BC0A0

  • server_id

    4DF98B71406A698D681498BCD94753E9402D59027E0A7DFF1F2C0D614A5BDBDE16F780924C953C93B6E516372D781F1E

  • wss

    wss://13.53.134.114:443/agent.ashx

Targets

    • Target

      2025-01-29_5c8b45ef15e7403310baf2638215024e_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      5c8b45ef15e7403310baf2638215024e

    • SHA1

      80bc63afd3e6d64943eff904b04ea9ecb9858c16

    • SHA256

      76fb9a5b8606da2d4e0222a38b6637456a5c96e81755cf440703f4d431856f6e

    • SHA512

      4492f3ade57f74208b9bbb0d73eb340b0d88ec846ad6af9333e286d5dc6b7a2ebb6f9dcdd5f42a3198c190c2ca52349413f0cbf42c91f8637c42e82b6dbd624a

    • SSDEEP

      49152:BX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q1:BlRsZ47/QXoHUOfAoj1x61

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks