meshagent | 42c79b82a63dc3faffd5b3d3de57329f3e29fbd2e70c77a57ba8682786d5f2d3 | Triage

Sharing

General

Target

2025-03-09_91106ed1d3cef983f52d397860884ae4_ismagent_ryuk_sliver
Size

3.3MB
Sample

250309-g438saykv3
MD5

91106ed1d3cef983f52d397860884ae4
SHA1

6ad3ac4eab04edf0e86a9ee539b4ca4c9450329e
SHA256

42c79b82a63dc3faffd5b3d3de57329f3e29fbd2e70c77a57ba8682786d5f2d3
SHA512

5701f52b91f93c26702bb4aab9b3448e372f520de025ba81ed375ed6e74ddc7884992330cc440a0ef87b7e1523b0756f77daaa4c785fb89ba61760a928cc5f68
SSDEEP

49152:6X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qe:6lRsZ47/QXoHUOfAoj1x6e

Score

10^/10

meshagent ltech

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

ltech

C2

http://66.179.209.232:443/agent.ashx

Attributes

mesh_id
0x1E754B70EB98EACD9B2ABB6AB8094414B965B60DA4E88292692A65BA5E3DC6DC5CB7243605258178E3EF836DA97B39E5
server_id
55063C2BEDE9AE4B625F5090DBB953969180F7703E0AE4425D5625D1BFFBBE47177A0741AD4F53CDBC24BABCEEE776C1
wss
wss://66.179.209.232:443/agent.ashx

Targets

- Target
  
  2025-03-09_91106ed1d3cef983f52d397860884ae4_ismagent_ryuk_sliver
- Size
  
  3.3MB
- MD5
  
  91106ed1d3cef983f52d397860884ae4
- SHA1
  
  6ad3ac4eab04edf0e86a9ee539b4ca4c9450329e
- SHA256
  
  42c79b82a63dc3faffd5b3d3de57329f3e29fbd2e70c77a57ba8682786d5f2d3
- SHA512
  
  5701f52b91f93c26702bb4aab9b3448e372f520de025ba81ed375ed6e74ddc7884992330cc440a0ef87b7e1523b0756f77daaa4c785fb89ba61760a928cc5f68
- SSDEEP
  
  49152:6X3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qe:6lRsZ47/QXoHUOfAoj1x6e
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2