meshagent | 51b4207ed9ef06a4c50808e933fc01ad1eb30613bd65702427bbeddac4c5dc25 | Triage

Sharing

General

Target

r.exe
Size

3.7MB
Sample

250208-lxwmksxrax
MD5

8b0d28eb3818bcd456f1b1aefc00e963
SHA1

90293997a77479780afde11e12562771a45620aa
SHA256

51b4207ed9ef06a4c50808e933fc01ad1eb30613bd65702427bbeddac4c5dc25
SHA512

dbf31aa7b42b2575efdeabcef47b9c4513becfedad9569fda7df9c39b8e10d214e8deaf1c0411c80b4359cd67621e6ec21ebb9a1178aea4900303881e0c0433c
SSDEEP

49152:N8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Q9:N8o8VOUs9joRbMc2tSW69

Score

10^/10

meshagent random discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

random

C2

http://al3b.duckdns.org:443/agent.ashx

Attributes

mesh_id
0x2653DACE0A04C5C7080508FA3BD96242A5D83DCA348BBB19B508D745BB9D8B464355E3A68CBCCFB46DA75F5A4E09059D
server_id
15AC5E4AEE801455641A960026D6C5E6B5C9E400BE3783B5AF0693C185066487AE520043247FB4EE420B2A74648A3BCA
wss
wss://al3b.duckdns.org:443/agent.ashx

Targets

- Target
  
  r.exe
- Size
  
  3.7MB
- MD5
  
  8b0d28eb3818bcd456f1b1aefc00e963
- SHA1
  
  90293997a77479780afde11e12562771a45620aa
- SHA256
  
  51b4207ed9ef06a4c50808e933fc01ad1eb30613bd65702427bbeddac4c5dc25
- SHA512
  
  dbf31aa7b42b2575efdeabcef47b9c4513becfedad9569fda7df9c39b8e10d214e8deaf1c0411c80b4359cd67621e6ec21ebb9a1178aea4900303881e0c0433c
- SSDEEP
  
  49152:N8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Q9:N8o8VOUs9joRbMc2tSW69
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

randommeshagent

behavioral1

behavioral2