Overview

overview

10

Static

static

10

2025-02-17...er.exe

windows7-x64

1

2025-02-17...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-17_3a4c3e8541840f37cc45a2bafdbec7bf_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250217-z9l6kavk12

  • MD5

    3a4c3e8541840f37cc45a2bafdbec7bf

  • SHA1

    342f4d991bc01cdd303124108efea845c6a46494

  • SHA256

    acb5c86e90f9b360d1c7c3f4473e553a868813ff739e4090da43875f2aa8aad9

  • SHA512

    93a4fe99cacda2a1c199b9cf9bad7c6acc846741051a17abaef41a5e6a89d1247d2cb14b82ed76c952114d007938fb244fed1bde0d0ffa55297de2996cb564a4

  • SSDEEP

    49152:7X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q8:7lRsZ47/QXoHUOfAoj1x68

Score
10/10
meshagentlowell

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Lowell

C2

http://mesh.mcait.net:443/agent.ashx

Attributes
  • mesh_id

    0x7C785671527BF3C7638D5364900F88AC18D5FD64C40B280344C65E4F8313CD1BFD187F8F96B1E744EF1E12FC6ECCD44A

  • server_id

    685BFF97A9A596554D25324908EB40593075F94C3FC35C6092AD96BD1512E3E782EC64BB8B7236A920682A49F84DC275

  • wss

    wss://mesh.mcait.net:443/agent.ashx

Targets

    • Target

      2025-02-17_3a4c3e8541840f37cc45a2bafdbec7bf_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      3a4c3e8541840f37cc45a2bafdbec7bf

    • SHA1

      342f4d991bc01cdd303124108efea845c6a46494

    • SHA256

      acb5c86e90f9b360d1c7c3f4473e553a868813ff739e4090da43875f2aa8aad9

    • SHA512

      93a4fe99cacda2a1c199b9cf9bad7c6acc846741051a17abaef41a5e6a89d1247d2cb14b82ed76c952114d007938fb244fed1bde0d0ffa55297de2996cb564a4

    • SSDEEP

      49152:7X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q8:7lRsZ47/QXoHUOfAoj1x68

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks