meshagent | 8c050551019cbd3388affebbc0cd9c69ab565ca4c88d4388185e7baff2c6f3e4 | Triage

Sharing

General

Target

2025-02-17_ef0e6cca86d589f1f58eebeec2389dc7_ismagent_ryuk_sliver
Size

3.3MB
Sample

250217-ngltjszks4
MD5

ef0e6cca86d589f1f58eebeec2389dc7
SHA1

6794f4d169f9ffed8e5f0e516e4f4bd046314e8e
SHA256

8c050551019cbd3388affebbc0cd9c69ab565ca4c88d4388185e7baff2c6f3e4
SHA512

46388a50b93ada414884eefb437bc7ab2f771afd3d91c73c3a683962a5b89aa722bf6456422bbea1cb5426572299b2039583751b4430abf2e9ed0752ff14bfd1
SSDEEP

49152:FX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qt:FlRsZ47/QXoHUOfAoj1x6t

Score

10^/10

meshagent home discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

HOME

C2

http://itdobro.ru:443/agent.ashx

Attributes

mesh_id
0x0B45FC580E0DF57C7B6F01B5A7D0F6ADF80265C93CA213C57F625CD28D30AE9F09978EAF4FB573A6BA56E34356188719
server_id
790FFF105FCF9D4DA0A56EA117C7C6BF3DF2FCF0E0FA67C7B77C741E21538E85E6B431F13C8E9C558C855A607F929FBA
wss
wss://itdobro.ru:443/agent.ashx

Targets

- Target
  
  2025-02-17_ef0e6cca86d589f1f58eebeec2389dc7_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  ef0e6cca86d589f1f58eebeec2389dc7
- SHA1
  
  6794f4d169f9ffed8e5f0e516e4f4bd046314e8e
- SHA256
  
  8c050551019cbd3388affebbc0cd9c69ab565ca4c88d4388185e7baff2c6f3e4
- SHA512
  
  46388a50b93ada414884eefb437bc7ab2f771afd3d91c73c3a683962a5b89aa722bf6456422bbea1cb5426572299b2039583751b4430abf2e9ed0752ff14bfd1
- SSDEEP
  
  49152:FX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qt:FlRsZ47/QXoHUOfAoj1x6t
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2