General

  • Target

    2025-02-19_4590f9547090a7d5c2b9af30a8beaa1f_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250219-w3dn3awmaw

  • MD5

    4590f9547090a7d5c2b9af30a8beaa1f

  • SHA1

    326932f2ae41ce18c4ce9cea595c83b9bb346ee1

  • SHA256

    9a3682ca0c7e1db9f897d61444702b57e9473c5fc5f60129c56ffda77c573b75

  • SHA512

    8a967cece85e3f0c2ad2d970c1ffc3dedc3e4d576fa5ddbd1eacbedc0d2baef7052c7171fe4293b4a50c2d69105699589b14a78c677375d890f6c2b63e30ab78

  • SSDEEP

    49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qr:ylRsZ47/QXoHUOfAoj1x6r

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://tmesh.pencoproducts.com:443/agent.ashx

Attributes
  • mesh_id

    0x3D73A284CB437CBB02CBC3E663756FD9021F97FB005D52CC0A1B4E53E589469275E3B889C1B798BFC84E00D89FDABEBB

  • server_id

    138B8229AA62B6A3F4D8D9BCA146324F669831FA93371362D269447218FF1EECB8643B94C1A4B7013B0143A756944456

  • wss

    wss://tmesh.pencoproducts.com:443/agent.ashx

Targets

    • Target

      2025-02-19_4590f9547090a7d5c2b9af30a8beaa1f_ismagent_ryuk_sliver

    Score
    1/10
