meshagent | 915a9ac1222489326e5ae312ca3365a86587f264794a1b0bdc7f4b18a6de1962 | Triage

Sharing

General

Target

c.exe
Size

3.7MB
Sample

250208-lxwycaxray
MD5

34bacef5e0b44c55a9b293d0cc67220b
SHA1

c898260acb34f3dd2e7212109282154e15776091
SHA256

915a9ac1222489326e5ae312ca3365a86587f264794a1b0bdc7f4b18a6de1962
SHA512

61a60ab79a50dd7b13ba5c8ca6886fb8501e5ca1de3185d8ccf33e95da3c5422a741c093edf722d5d9d5ac67094313c454182e158203f3a0df68325381b62fea
SSDEEP

49152:F8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qo:F8o8VOUs9joRbMc2tSW6o

Score

10^/10

meshagent china-work discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

China-work

C2

http://al3b.duckdns.org:443/agent.ashx

Attributes

mesh_id
0xAFF136F060360F28769D7B7498B6137CD4DEC82BEBABA4F01BA003C8AF4327C230B79ECCDEEBADF978820C981A5FB410
server_id
15AC5E4AEE801455641A960026D6C5E6B5C9E400BE3783B5AF0693C185066487AE520043247FB4EE420B2A74648A3BCA
wss
wss://al3b.duckdns.org:443/agent.ashx

Targets

- Target
  
  c.exe
- Size
  
  3.7MB
- MD5
  
  34bacef5e0b44c55a9b293d0cc67220b
- SHA1
  
  c898260acb34f3dd2e7212109282154e15776091
- SHA256
  
  915a9ac1222489326e5ae312ca3365a86587f264794a1b0bdc7f4b18a6de1962
- SHA512
  
  61a60ab79a50dd7b13ba5c8ca6886fb8501e5ca1de3185d8ccf33e95da3c5422a741c093edf722d5d9d5ac67094313c454182e158203f3a0df68325381b62fea
- SSDEEP
  
  49152:F8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qo:F8o8VOUs9joRbMc2tSW6o
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

china-workmeshagent

behavioral1

behavioral2