meshagent | ba25f8ebac2b55cc744c226010fa3c4422dd77d8aeee495d203715abe8553b27 | Triage

Sharing

General

Target

p.exe
Size

3.7MB
Sample

250208-lxwmksxraw
MD5

ef49068784d28ce24e93fe5db5b89515
SHA1

efc2130707c28a88e47a6e30e72fe5178d68c9db
SHA256

ba25f8ebac2b55cc744c226010fa3c4422dd77d8aeee495d203715abe8553b27
SHA512

a142225e28bb757143cc62b83e2dfe860399d1093ca52876590d0e2d6c3b4c4a7099c00a5c400041b023ef4bfe768ed09ed5a0d88a5a28cafdb704d2fa9427c2
SSDEEP

49152:N8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qn:N8o8VOUs9joRbMc2tSW6n

Score

10^/10

meshagent privte discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

privte

C2

http://al3b.duckdns.org:443/agent.ashx

Attributes

mesh_id
0xF66EC4967DA3F06727E33111F200D81610C6B050E8A7B1744F808D915D9408F22D674452DE07805FB2AF031CAB82F529
server_id
15AC5E4AEE801455641A960026D6C5E6B5C9E400BE3783B5AF0693C185066487AE520043247FB4EE420B2A74648A3BCA
wss
wss://al3b.duckdns.org:443/agent.ashx

Targets

- Target
  
  p.exe
- Size
  
  3.7MB
- MD5
  
  ef49068784d28ce24e93fe5db5b89515
- SHA1
  
  efc2130707c28a88e47a6e30e72fe5178d68c9db
- SHA256
  
  ba25f8ebac2b55cc744c226010fa3c4422dd77d8aeee495d203715abe8553b27
- SHA512
  
  a142225e28bb757143cc62b83e2dfe860399d1093ca52876590d0e2d6c3b4c4a7099c00a5c400041b023ef4bfe768ed09ed5a0d88a5a28cafdb704d2fa9427c2
- SSDEEP
  
  49152:N8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qn:N8o8VOUs9joRbMc2tSW6n
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

privtemeshagent

behavioral1

behavioral2