Overview

overview

10

Static

static

10

2025-02-15...er.exe

windows7-x64

1

2025-02-15...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-15_02454feabd17d849a660bd9e9714df7d_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250215-e1dslsvmcy

  • MD5

    02454feabd17d849a660bd9e9714df7d

  • SHA1

    30150c577e5d2d4fde8696c4dfe8a7938a96c48d

  • SHA256

    a1c0cbe2e780d47e3ea8d2272f50c4fabfeca945482d34873b0049dca0861048

  • SHA512

    e485f675be4dc571dd509d7064f6ee5cfa45f8eb04bf419c56442591c5751007d6095abc3e3ede0a4bb7efd37246a276e150df6fa3f62be53b4fa182bc038bbe

  • SSDEEP

    49152:wX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q1:wlRsZ47/QXoHUOfAoj1x61

Score
10/10
meshagenttacticalrmmdiscovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://noracpharmamesh.mytrmm.com:443/agent.ashx

Attributes
  • mesh_id

    0x581DD3C8EA2FBD525BFF8DEF2CE4DD0331526FA5D2E3CD5A77CA0B7C044F1714017E87BDED8CA0432AAC0C1E2A47C0ED

  • server_id

    F8D9FBCF521421240521E78C10A5437027FACC6E8DF4671549FA9B5E51ABE83171B3FDCFBF494DD46F570B9A3AA3F98F

  • wss

    wss://noracpharmamesh.mytrmm.com:443/agent.ashx

Targets

    • Target

      2025-02-15_02454feabd17d849a660bd9e9714df7d_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      02454feabd17d849a660bd9e9714df7d

    • SHA1

      30150c577e5d2d4fde8696c4dfe8a7938a96c48d

    • SHA256

      a1c0cbe2e780d47e3ea8d2272f50c4fabfeca945482d34873b0049dca0861048

    • SHA512

      e485f675be4dc571dd509d7064f6ee5cfa45f8eb04bf419c56442591c5751007d6095abc3e3ede0a4bb7efd37246a276e150df6fa3f62be53b4fa182bc038bbe

    • SSDEEP

      49152:wX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q1:wlRsZ47/QXoHUOfAoj1x61

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks