General

  • Target

    z.zip

  • Size

    10.7MB

  • MD5

    86058542301cde575454f8158b4ce386

  • SHA1

    e15e8a880965aed36f901b078e8c3910f9b0541a

  • SHA256

    6e31c9573c9a00fbc1945186c66bfcced4dcbd3d0f53db5d75ea9f7a3f8a7976

  • SHA512

    96def11ea2f779e16373b95ad42c42a2a1449951150df04111db860ab96fe637e768e69fd930497d8b1b0e0c480203f49ee1be803470af5604b7c51a575a88cd

  • SSDEEP

    196608:a3yuY1LgTHf96ZLUWpSsrCoeYtdn2VtmwI86kdjc2eh/zIbTJdBtRRY9JCv:4mETH0ZLhSsrCoR/nE9TVcWvRYE

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    traffic-vc

  • C2

    http://162.0.213.235:443/agent.ashx
    http://209.74.64.169:443/agent.ashx
    http://162.254.38.170:443/agent.ashx
    http://209.74.77.82:443/agent.ashx
    http://66.29.131.85:443/agent.ashx

  • Attributes

    mesh_id: 0xB1C45FED5569BA8EA2AEFA5B7F96E1A369A830758052E01439318F7DAE34EBD045AAD08F3074DE3C397578EC21921DF7
    server_id: 95C565B94BE035CFD4E742F10753279C58CBB5157492F1027BF26CC76012FFBC368A221A2F25DD47FF0F6918F98A0482
    wss: wss://162.0.213.235:443/agent.ashx

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    Patriot Ordnance Factory

  • C2

    http://162.0.213.235:443/agent.ashx

  • Attributes

    mesh_id: 0x543EC33855CBB717EDAF3213BB26E5A561E7CF3D41883EE8CF41943A3827356F3614E981B63702B2F746DF70F3CC3D4D
    server_id: 95C565B94BE035CFD4E742F10753279C58CBB5157492F1027BF26CC76012FFBC368A221A2F25DD47FF0F6918F98A0482
    wss: wss://162.0.213.235:443/agent.ashx

Signatures

  • Detects MeshAgent payload
  • Meshagent family
  • Unsigned PE

    Checks for missing Authenticode signature.

Files

  • z.zip
    .zip

    Password: infected

  • 91b0b1f842b5380d81ecf3f023a2b8a2a7abb86dc9ef4de58f569752dbe15f52
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476

  • 94723e64a4fe32436b43aef84d14a0cd912cf3b17c881572c2e9d92e9349adc7
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476

  • a2f41135a41217c45ae6ddad5db193b5454245d08063df1a0393772271639c1c
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476

  • d530c63416f12df760514d0e7f0acfbabe74e66b4dc923d6d8ce060d62aa7a03
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476

  • ed9eaead2f8c731f8ab49ee52bab2057ae526c1029316cb2b20a5f01eb0697c6
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476

  • f8bbdb08e1552909a7d505ee85065b1c02a0eca98d2f111b6e18c935ec2524ec
    .exe windows:6 windows x64 arch:x64

    MD5: fb0a8b4a81655f744a37af985e009476