Overview

overview

10

Static

static

10

2025-02-12...er.exe

windows7-x64

1

2025-02-12...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-12_134a6353bfd9c7511c75b1ce24d5cb09_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250212-wzxmrssmbt

  • MD5

    134a6353bfd9c7511c75b1ce24d5cb09

  • SHA1

    ffa7efd3dc30f5d16aae20e46db064be3ee4e4c7

  • SHA256

    909d2d2eba1ff07c6ecb1bb1dbe1c61603122f520eacd0a153b881b655c64339

  • SHA512

    abb372deb08bc0c08acf2059c034e99b28e3d797435c598a2d750ec3f92b6096f818279e1d40d7610b4aa3740c073b325745683e3a1c1e3a56eb27b142252092

  • SSDEEP

    49152:NX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QM:NlRsZ47/QXoHUOfAoj1x6M

Score
10/10
meshagentvmwarediscovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

vmware

C2

http://mesh.genta.at:443/agent.ashx

Attributes
  • mesh_id

    0x55C29BBC8AC66271CBE8CDEB6A54E7476F28F4437B67C8A12AF45DE990A71FB8FD0AB93C18E1A1CA7A3F13ADB543FDC6

  • server_id

    6CB00097C26E962C188AC4E384A9110B38EC4F579FF1184440B078BCB01DADE5F4F53D9747051B78E95910DA84764016

  • wss

    wss://mesh.genta.at:443/agent.ashx

Targets

    • Target

      2025-02-12_134a6353bfd9c7511c75b1ce24d5cb09_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      134a6353bfd9c7511c75b1ce24d5cb09

    • SHA1

      ffa7efd3dc30f5d16aae20e46db064be3ee4e4c7

    • SHA256

      909d2d2eba1ff07c6ecb1bb1dbe1c61603122f520eacd0a153b881b655c64339

    • SHA512

      abb372deb08bc0c08acf2059c034e99b28e3d797435c598a2d750ec3f92b6096f818279e1d40d7610b4aa3740c073b325745683e3a1c1e3a56eb27b142252092

    • SSDEEP

      49152:NX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QM:NlRsZ47/QXoHUOfAoj1x6M

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks