Overview

overview

10

Static

static

10

2025-02-08...er.exe

windows7-x64

1

2025-02-08...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-08_7441b42e85f28e6687b2638a12ff5bc5_ismagent_ryuk_sliver

  • Size

    3.2MB

  • Sample

    250208-mdpklazrgp

  • MD5

    7441b42e85f28e6687b2638a12ff5bc5

  • SHA1

    b4e98e722d72bb6ef3eb68b77c605b1b7b0c2481

  • SHA256

    7ac85e4c2ea87c8e69b05f5d16947ced622fbf6ee73e69ec4cdd712f8dcf2cc5

  • SHA512

    3e08a85307fe7591297831d959582ab33250980ebef34143168e9625d84ab0403dfc1f6a138be40d5eaf3bebf428adb85eba76fb6586b6c713a28b7707c42562

  • SSDEEP

    49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe4:AlRsZ47/QXoHUOfAoj1n

Score
10/10
meshagenttempdiscovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Temp

C2

http://172.236.83.83:443/agent.ashx

Attributes
  • mesh_id

    0x0E45A78A5F16DBAF8BD2473CB202223C235E18699BFDD8E4C3C82A1BEA3E777130DDB6734BFB33833460E51A59F0362A

  • server_id

    A3E8310746BD426DA323726ABC4AD08369CE25D636E124043B71652574208BC63CD1F25F6301779C8B948CFA14A53E6B

  • wss

    wss://172.236.83.83:443/agent.ashx

Targets

    • Target

      2025-02-08_7441b42e85f28e6687b2638a12ff5bc5_ismagent_ryuk_sliver

    • Size

      3.2MB

    • MD5

      7441b42e85f28e6687b2638a12ff5bc5

    • SHA1

      b4e98e722d72bb6ef3eb68b77c605b1b7b0c2481

    • SHA256

      7ac85e4c2ea87c8e69b05f5d16947ced622fbf6ee73e69ec4cdd712f8dcf2cc5

    • SHA512

      3e08a85307fe7591297831d959582ab33250980ebef34143168e9625d84ab0403dfc1f6a138be40d5eaf3bebf428adb85eba76fb6586b6c713a28b7707c42562

    • SSDEEP

      49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe4:AlRsZ47/QXoHUOfAoj1n

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks