meshagent | d04f66d478b6abd76cc1b5ebb6cad16b79e1549bd90ca628947b0b61e45d1eda | Triage

Sharing

General

Target

SecuriteInfo.com.Program.MeshAgent.1.25281.16402.exe
Size

3.7MB
Sample

250218-e26j1sxlay
MD5

198f7f57807a2ed03695dfdf7ccfecef
SHA1

3849d4cfaa17bb8f7d382e1b521b05b2509a644b
SHA256

d04f66d478b6abd76cc1b5ebb6cad16b79e1549bd90ca628947b0b61e45d1eda
SHA512

b4518434580502065a838b822f226b01d5b00b773ee7769bc52c11282d71a8d1a1f130aae4dc3b8db50c1bd1ef1f6eedfa60d4f9e6a97e543bc9d4ca09a7a707
SSDEEP

49152:k8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qm:k8o8VOUs9joRbMc2tSW6m

Score

10^/10

meshagent 1c discovery

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

1C

C2

http://techsupport.myftp.org:443/agent.ashx

Attributes

mesh_id
0xE79DFA6385DB8C0A61E725103709E16E6583682A2969663E5F84D92142BBC08899A1BE33A92CCA67B5E719BA831081ED
server_id
A5D0014DC4EDF37515379D28C8FA94CF07B7E21E122A1EC1CF8EC599571CA6527C3C23F8EDB99AD0C14EBB3BE704B0ED
wss
wss://techsupport.myftp.org:443/agent.ashx

Targets

- Target
  
  SecuriteInfo.com.Program.MeshAgent.1.25281.16402.exe
- Size
  
  3.7MB
- MD5
  
  198f7f57807a2ed03695dfdf7ccfecef
- SHA1
  
  3849d4cfaa17bb8f7d382e1b521b05b2509a644b
- SHA256
  
  d04f66d478b6abd76cc1b5ebb6cad16b79e1549bd90ca628947b0b61e45d1eda
- SHA512
  
  b4518434580502065a838b822f226b01d5b00b773ee7769bc52c11282d71a8d1a1f130aae4dc3b8db50c1bd1ef1f6eedfa60d4f9e6a97e543bc9d4ca09a7a707
- SSDEEP
  
  49152:k8o8bZjyJVD0s9Mr3XIfRviWkgEOaxfCbCMcXGtSgvZPOQ5Qm:k8o8VOUs9joRbMc2tSW6m
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2