Overview

overview

10

Static

static

10

2025-02-28...er.exe

windows7-x64

1

2025-02-28...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-28_03077aaaf5b86ef3b411a71cb922841f_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250228-cwbrcaxvhy

  • MD5

    03077aaaf5b86ef3b411a71cb922841f

  • SHA1

    782bd0f5ba42aea1d5d2a82cbb873aca78424202

  • SHA256

    a2d1752e824dd61387807fac3b839ce925be7383aaf0e145d929ecdd9d53960a

  • SHA512

    10b118e62d986b1f727cc7ca5cbaa798adc117dbbec104c59c7525d8675d44ce6fa3c0fae7a02c5928f747811ac49f3b052fb8f908b4f3ae47f76565a313305a

  • SSDEEP

    49152:dX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q6:dlRsZ47/QXoHUOfAoj1x66

Score
10/10
meshagentveshnyaki

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

VESHNYAKI

C2

http://itdobro.ru:443/agent.ashx

Attributes
  • mesh_id

    0x32A518E81177AB982F470DE5A26F37D6D122400060A666E9B6A8B938213A8452035BDA6C7E35B58D3A396315DCB7E795

  • server_id

    790FFF105FCF9D4DA0A56EA117C7C6BF3DF2FCF0E0FA67C7B77C741E21538E85E6B431F13C8E9C558C855A607F929FBA

  • wss

    wss://itdobro.ru:443/agent.ashx

Targets

    • Target

      2025-02-28_03077aaaf5b86ef3b411a71cb922841f_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      03077aaaf5b86ef3b411a71cb922841f

    • SHA1

      782bd0f5ba42aea1d5d2a82cbb873aca78424202

    • SHA256

      a2d1752e824dd61387807fac3b839ce925be7383aaf0e145d929ecdd9d53960a

    • SHA512

      10b118e62d986b1f727cc7ca5cbaa798adc117dbbec104c59c7525d8675d44ce6fa3c0fae7a02c5928f747811ac49f3b052fb8f908b4f3ae47f76565a313305a

    • SSDEEP

      49152:dX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q6:dlRsZ47/QXoHUOfAoj1x66

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks