Overview

overview

10

Static

static

10

2025-02-20...er.exe

windows7-x64

1

2025-02-20...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-20_8f6db35391d109118cc1322ab1f7a28a_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250220-1gx8ssvqgv

  • MD5

    8f6db35391d109118cc1322ab1f7a28a

  • SHA1

    a753f9b2153b1a579f113a77aef585751ffe95b2

  • SHA256

    5022fa1ad394f06cf13a7a6f5b5537d8a604906d791b3d709f2ae9eae2ac0b66

  • SHA512

    5522e519b5e3da89346785da14eb39a58aa34c86f8bb3138d3443628e4f40ed12cc7601ade72304e43b95979edf328b2c16481e299b81a661252c8c8d0427b5f

  • SSDEEP

    49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QL:ylRsZ47/QXoHUOfAoj1x6L

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.cwy.tech:443/agent.ashx

Attributes
  • mesh_id

    0x0F9093C8C2454D6574AAA650040DB7A3E1BA6A7D235A291456C34F33553C04C976A617753BDE27DE5BA151D45F59D530

  • server_id

    91C78E34BDD082A99CF4638FC328E9C5BD07FE8FB0A1D149D5188EA0C5EF80B6B146784DCC440DB7EBA85272D1670764

  • wss

    wss://mesh.cwy.tech:443/agent.ashx

Targets

    • Target

      2025-02-20_8f6db35391d109118cc1322ab1f7a28a_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      8f6db35391d109118cc1322ab1f7a28a

    • SHA1

      a753f9b2153b1a579f113a77aef585751ffe95b2

    • SHA256

      5022fa1ad394f06cf13a7a6f5b5537d8a604906d791b3d709f2ae9eae2ac0b66

    • SHA512

      5522e519b5e3da89346785da14eb39a58aa34c86f8bb3138d3443628e4f40ed12cc7601ade72304e43b95979edf328b2c16481e299b81a661252c8c8d0427b5f

    • SSDEEP

      49152:yX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QL:ylRsZ47/QXoHUOfAoj1x6L

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks