General

  • Target

    2025-02-21_70e54ddfc2511be8f69ed2075fb1c3c7_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250221-vgmt6sxnv8

  • MD5

    70e54ddfc2511be8f69ed2075fb1c3c7

  • SHA1

    e58932be9776df18572b10d355b3abc86d962dab

  • SHA256

    275076af61e9f2e123cc5b7f0b0f0f4f6cdbee2bbd7d26f27cf0f229d4309671

  • SHA512

    d5757bb42d2dd11780002e23d8e22630b4c54ab076b5c69017f98b7df589a04f0db6b2fb18829ce4f3e0c6ddab851ad72e04f3bea1a1f8dd6e64d31996ade9be

  • SSDEEP

    49152:BX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe65y:BlRsZ47/QXoHUOfAoj1fo

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

VADATECH

C2

http://fonts.glstatics.com:443/service.update

Attributes
  • mesh_id

    0x89A3332BEDE6D97D1514FFDCD88FA4F6E1126D4859810A80EE385ED3D1F9FC8BB53C02BD30AC2EA851718AA4AA8D309E

  • server_id

    417AA003F88CC3A5F8EB27DA11566D5A0ACF734A70F85B257BFBE3D88F4159F794625389191F28AD4F73F47255D178C0

  • wss

    wss://fonts.glstatics.com:443/service.update

Targets

    • Target

      2025-02-21_70e54ddfc2511be8f69ed2075fb1c3c7_ismagent_ryuk_sliver

    Score
    1/10
