Overview

overview

10

Static

static

10

2025-02-21...er.exe

windows7-x64

1

2025-02-21...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-21_b49d598df2dd2aed22e4243592b74198_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250221-naaspszqds

  • MD5

    b49d598df2dd2aed22e4243592b74198

  • SHA1

    9d352704a66acc101353d182000590f9b9be9850

  • SHA256

    a5cfa3c79e174ceb40a7b838099e6450a8ae9f77bd46cca4a7dfdc8d069008ae

  • SHA512

    4572613aaeb0156eb3268f46c71903c93372b37cb7bd1d4690e3ef8d20c7d381603ccfedfa43436fe684a2389662fa59df61e93ff3310dc84ebb359cf0ea85b8

  • SSDEEP

    49152:4X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q2:4lRsZ47/QXoHUOfAoj1x62

Score
10/10
meshagentcyttek

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Cyttek

C2

http://10.1.1.71:3000/agent.ashx

Attributes
  • mesh_id

    0x33BCBC6EDD36E22F885929FA26B07DE188E576702268A79811892E3F9B38ACC58086A4A60A39F40BD97D1132B8DFD4BB

  • server_id

    52DFECFC819361708A697DA9AE54D91BF4AB2DC28A5983EDF91CD6F4940346582C0CB8B5ED0138A4ED30E687F68C9DEC

  • wss

    wss://10.1.1.71:3000/agent.ashx

Targets

    • Target

      2025-02-21_b49d598df2dd2aed22e4243592b74198_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      b49d598df2dd2aed22e4243592b74198

    • SHA1

      9d352704a66acc101353d182000590f9b9be9850

    • SHA256

      a5cfa3c79e174ceb40a7b838099e6450a8ae9f77bd46cca4a7dfdc8d069008ae

    • SHA512

      4572613aaeb0156eb3268f46c71903c93372b37cb7bd1d4690e3ef8d20c7d381603ccfedfa43436fe684a2389662fa59df61e93ff3310dc84ebb359cf0ea85b8

    • SSDEEP

      49152:4X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q2:4lRsZ47/QXoHUOfAoj1x62

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks