meshagent | a38066fc781d3d7dd12f6488795fd72b3b5a6b8396697670bc3b94c06dafd5c0 | Triage

Sharing

General

Target

2025-02-07_b3ecc7efd2d66d78158f20cb61a9c285_ismagent_ryuk_sliver
Size

3.3MB
Sample

250209-qr6ykssmbr
MD5

b3ecc7efd2d66d78158f20cb61a9c285
SHA1

29bcd79250c07d529ec41fac6d494c65edd8da76
SHA256

a38066fc781d3d7dd12f6488795fd72b3b5a6b8396697670bc3b94c06dafd5c0
SHA512

f370f6a82e495528bfafa1c5c70c8d2ead4052da4ef5d4a8cc248517575a9440c2dfae10d06627dd1b5157e53bba23e165bb3e33f0937d082273d10191202525
SSDEEP

49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQex5:AlRsZ47/QXoHUOfAoj18

Score

10^/10

meshagent admin discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

admin

Attributes

mesh_id
0x2F18A07DA697567A05E81893AE87B5D9E780FA4797BAAC6EE40728F88DCBA51ACBF7AC3F6C1A0C705F9F2A7F3C5D97DE
server_id
AC4D41EE751A5246C1DECBCAD3D4836C09EF7444AF4CAD0F1416B89654E9B4ECC52E53C9B4A361D1BF40EB929F88E4C4
wss
localhost

Targets

- Target
  
  2025-02-07_b3ecc7efd2d66d78158f20cb61a9c285_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  b3ecc7efd2d66d78158f20cb61a9c285
- SHA1
  
  29bcd79250c07d529ec41fac6d494c65edd8da76
- SHA256
  
  a38066fc781d3d7dd12f6488795fd72b3b5a6b8396697670bc3b94c06dafd5c0
- SHA512
  
  f370f6a82e495528bfafa1c5c70c8d2ead4052da4ef5d4a8cc248517575a9440c2dfae10d06627dd1b5157e53bba23e165bb3e33f0937d082273d10191202525
- SSDEEP
  
  49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQex5:AlRsZ47/QXoHUOfAoj18
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2