Overview

overview

10

Static

static

10

2025-02-15...er.exe

windows7-x64

1

2025-02-15...er.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-15_dec3983ad14c531980e639b10ebec1c5_ismagent_ryuk_sliver

  • Size

    3.2MB

  • Sample

    250215-v4j2ssvpaq

  • MD5

    dec3983ad14c531980e639b10ebec1c5

  • SHA1

    959d730e50f1ee3c86dcf2e43b3cf264e881dc5d

  • SHA256

    e21b371d9738647c6c9ebd6a26257b873c0049cf52938fc9be6df7adfeec38bf

  • SHA512

    b9719f071c9e4fe7352c12691b646c6fc52f80f52b2f8286adda4372bb2c442eb2237ade7ca6c39d0f746fc886193909481251b9ccfbb493b277bdb67851c852

  • SSDEEP

    49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeU:PlRsZ47/QXoHUOfAoj1n

Score
10/10
meshagentrobbindiscovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

robbin

C2

http://172.232.102.54:443/agent.ashx

Attributes
  • mesh_id

    0xF843C931D6D41192A06910CD216CBBC848B2593C2F62DE60305D39252F33789BCA17507D0ABB84DD3BE615F729B33938

  • server_id

    6BE103485BAC23D50467F1CF77DC0C324944B61664D5F0DBF5AD40BFF7083CCAFC5ECF27219AEDD7E61E561F6EC0267E

  • wss

    wss://172.232.102.54:443/agent.ashx

Targets

    • Target

      2025-02-15_dec3983ad14c531980e639b10ebec1c5_ismagent_ryuk_sliver

    • Size

      3.2MB

    • MD5

      dec3983ad14c531980e639b10ebec1c5

    • SHA1

      959d730e50f1ee3c86dcf2e43b3cf264e881dc5d

    • SHA256

      e21b371d9738647c6c9ebd6a26257b873c0049cf52938fc9be6df7adfeec38bf

    • SHA512

      b9719f071c9e4fe7352c12691b646c6fc52f80f52b2f8286adda4372bb2c442eb2237ade7ca6c39d0f746fc886193909481251b9ccfbb493b277bdb67851c852

    • SSDEEP

      49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQeU:PlRsZ47/QXoHUOfAoj1n

    Score
    8/10
    discovery

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks