Overview

overview

10

Static

static

10

2025-02-12...er.exe

windows7-x64

1

2025-02-12...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-12_9aef765ea8df48ef9a1f8b319024fc64_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250212-s1cr7sxpbw

  • MD5

    9aef765ea8df48ef9a1f8b319024fc64

  • SHA1

    e1399a06beb5b1283c42053f77b12c39e2a6a25b

  • SHA256

    814c5177d331ca0f446fc3999489333e844ee65afe1f50f986991ed9023f4937

  • SHA512

    f72f3ace55b7d9403a861da038ee9d36eff97b8bf79f951963de0d6682fbe02ceb324d865de61831ddae2474967ffb30e920c77d219e0fba7deb7ebb863cafc8

  • SSDEEP

    49152:lX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q5:llRsZ47/QXoHUOfAoj1x65

Score
10/10
meshagentmesa de ayudadiscovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Mesa de Ayuda

C2

http://portal.asistencial.com.uy:443/agent.ashx

Attributes
  • mesh_id

    0xFB512C0885DAFCC9EAB49574E8B4B465DCEEF0A6676A7FDF7468B53975BE4783FFEE5F0AEE329E1102A656B7D4CB2CD5

  • server_id

    0DA6E6FB4200B2F8DE8E9B8FFC2F949E99DF1BCF2769AF42C76E6B7FE22EC6E5582CCF8CE91ACE67A9E180EAAD092486

  • wss

    wss://portal.asistencial.com.uy:443/agent.ashx

Targets

    • Target

      2025-02-12_9aef765ea8df48ef9a1f8b319024fc64_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      9aef765ea8df48ef9a1f8b319024fc64

    • SHA1

      e1399a06beb5b1283c42053f77b12c39e2a6a25b

    • SHA256

      814c5177d331ca0f446fc3999489333e844ee65afe1f50f986991ed9023f4937

    • SHA512

      f72f3ace55b7d9403a861da038ee9d36eff97b8bf79f951963de0d6682fbe02ceb324d865de61831ddae2474967ffb30e920c77d219e0fba7deb7ebb863cafc8

    • SSDEEP

      49152:lX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q5:llRsZ47/QXoHUOfAoj1x65

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks