meshagent | a2f41135a41217c45ae6ddad5db193b5454245d08063df1a0393772271639c1c | Triage

Sharing

General

Target

2025-02-28_a4310bc6bab8bb1faa8183d9c17c2be1_ismagent_ryuk_sliver
Size

3.3MB
Sample

250228-lx7pvaypv8
MD5

a4310bc6bab8bb1faa8183d9c17c2be1
SHA1

f2322de4da7f8c13a68b552d02f5b850030f14ff
SHA256

a2f41135a41217c45ae6ddad5db193b5454245d08063df1a0393772271639c1c
SHA512

be5f9a802ec3806853f267e810bff302f5fafd555399f52faa436c849e8bd33e59508e2698453cbd4077628c0ad3bff1636683fcaf4b3cd1cbed9478faff4951
SSDEEP

49152:bX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qx:blRsZ47/QXoHUOfAoj1x6x

Score

10^/10

meshagent patriot ordnance factory

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Patriot Ordnance Factory

C2

http://162.0.213.235:443/agent.ashx

Attributes

mesh_id
0x543EC33855CBB717EDAF3213BB26E5A561E7CF3D41883EE8CF41943A3827356F3614E981B63702B2F746DF70F3CC3D4D
server_id
95C565B94BE035CFD4E742F10753279C58CBB5157492F1027BF26CC76012FFBC368A221A2F25DD47FF0F6918F98A0482
wss
wss://162.0.213.235:443/agent.ashx

Targets

- Target
  
  2025-02-28_a4310bc6bab8bb1faa8183d9c17c2be1_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  a4310bc6bab8bb1faa8183d9c17c2be1
- SHA1
  
  f2322de4da7f8c13a68b552d02f5b850030f14ff
- SHA256
  
  a2f41135a41217c45ae6ddad5db193b5454245d08063df1a0393772271639c1c
- SHA512
  
  be5f9a802ec3806853f267e810bff302f5fafd555399f52faa436c849e8bd33e59508e2698453cbd4077628c0ad3bff1636683fcaf4b3cd1cbed9478faff4951
- SSDEEP
  
  49152:bX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qx:blRsZ47/QXoHUOfAoj1x6x
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

patriot ordnance factorymeshagent

behavioral1

behavioral2