Overview

overview

10

Static

static

10

2025-03-06...er.exe

windows7-x64

1

2025-03-06...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-06_dece40c94a0cf7893911680595e4ad80_ismagent_ryuk_sliver

  • Size

    3.4MB

  • Sample

    250306-mcdrpswpw9

  • MD5

    dece40c94a0cf7893911680595e4ad80

  • SHA1

    f67e14763d5706d6c14f66a2e1a9f6059289d075

  • SHA256

    27b5e883c957a9f262bdce914f2ee836c43a95c8ea9775e6aa300f79df1a1809

  • SHA512

    0da1d73c106a4d3423625c22ea15ea1961f3b19a0decff9f993be2db42005cfcecba6e10274538c682de7dc4e7f28a277ed2909448d6ffcc1e42e49b19c8d13a

  • SSDEEP

    49152:odZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/wZ7IbOjx859:MHvfGfZvZj1/N/z/A8n

Score
10/10
meshagentrobin

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

robin

C2

http://remoteshare.in:444/agent.ashx

Attributes
  • mesh_id

    0xE58B5309E2E904C809F4EAFEF58ABCC21BBB31CAB12D2159774311B1DDB301025FE559E8E2AD1F392665F28E9DD69B7B

  • server_id

    C6DE5260F3DF733E712F21316EE6EE643ABC568C44EC1AE991C57525DD26FAF883ED8D9A208F6CD34C3CC1CF7943ECD7

  • wss

    wss://remoteshare.in:444/agent.ashx

Targets

    • Target

      2025-03-06_dece40c94a0cf7893911680595e4ad80_ismagent_ryuk_sliver

    • Size

      3.4MB

    • MD5

      dece40c94a0cf7893911680595e4ad80

    • SHA1

      f67e14763d5706d6c14f66a2e1a9f6059289d075

    • SHA256

      27b5e883c957a9f262bdce914f2ee836c43a95c8ea9775e6aa300f79df1a1809

    • SHA512

      0da1d73c106a4d3423625c22ea15ea1961f3b19a0decff9f993be2db42005cfcecba6e10274538c682de7dc4e7f28a277ed2909448d6ffcc1e42e49b19c8d13a

    • SSDEEP

      49152:odZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/wZ7IbOjx859:MHvfGfZvZj1/N/z/A8n

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks