Overview

overview

10

Static

static

10

2025-01-30...er.exe

windows7-x64

1

2025-01-30...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-01-30_27017e8dde33bd55163badceef041fa3_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250130-yk5e6s1lc1

  • MD5

    27017e8dde33bd55163badceef041fa3

  • SHA1

    01297b036332e90815b3045bfc183a6f79cfd6ff

  • SHA256

    888c5bbe22bef9b69183eb988cd31228d3dc6e32e34434a9b24174b3d523ffe3

  • SHA512

    11ece3cf9c1500d3a104e553d7dff1adfa68877c6c0a8b0b459b937f5beab71ee8adca8e8e5064c371ce551e11be827e5f14114646d9030772396504c062ec58

  • SSDEEP

    49152:4X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QT:4lRsZ47/QXoHUOfAoj1x6T

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.elmas.local:443/agent.ashx

Attributes
  • mesh_id

    0x5051330A07AD0DF77BE4774D9BEA0ADD69B723634C9FFB2C0AB7E70DDC75FEC348AF734A739BBA2C73431674B59BC049

  • server_id

    9CE191C06F3AFA39ECA5723DC96A6A982DEF9B5B6A144F33D96C61369902CB250616E3D9FBC7050AA4C1C72CF3EF724C

  • wss

    wss://mesh.elmas.local:443/agent.ashx

Targets

    • Target

      2025-01-30_27017e8dde33bd55163badceef041fa3_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      27017e8dde33bd55163badceef041fa3

    • SHA1

      01297b036332e90815b3045bfc183a6f79cfd6ff

    • SHA256

      888c5bbe22bef9b69183eb988cd31228d3dc6e32e34434a9b24174b3d523ffe3

    • SHA512

      11ece3cf9c1500d3a104e553d7dff1adfa68877c6c0a8b0b459b937f5beab71ee8adca8e8e5064c371ce551e11be827e5f14114646d9030772396504c062ec58

    • SSDEEP

      49152:4X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QT:4lRsZ47/QXoHUOfAoj1x6T

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks