General

  • Target

    devsur.zip

  • Size

    2.4MB

  • MD5

    9d2a683d362cf6307aedb62aba92e8cb

  • SHA1

    ec5cc664ddc151c643133340020718ecba8045ba

  • SHA256

    2ff02020f85a89f6e7a2b04b2c283d260f372605ba46700b57976dfe3dc7126f

  • SHA512

    3cdb0c98e66c4cca6594ed177456478fc25f66c1679d74c6995ecb2586aff2a21bcf858fcc40f774968c0dec1d4f9ab5bd914febf91764edb3c261f91cd79403

  • SSDEEP

    49152:6FwuwcvFjg1JwelSvTSOoGI2SAj3140QgYBlCrmzpgQIKiMUQ:burdjg1ueYLSO3IO14TlCrSNmm

Score

10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    xxx

  • C2

    http://147.45.44.33:443/agent.ashx

  • Attributes

    • mesh_id

      0xC605A74F674F153D2CFDCEE05A6794D3591C42A23D5D66786F4E5F7FA4FEC15A10E5428644AE0A99A357FF00EBA44488

    • server_id

      1AB15B5958371C1A3063A4F9A763F32625B2F121A51A792B2F0582CC310EA8056F8F7ECCAA508667DFB9F539619A6181

    • wss

      wss://147.45.44.33:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • MeshAgent family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • devsur.zip
    .zip

    Password: 123qwert

  • update.exe
    .exe windows:6 windows x64 arch:x64

    Password: 123qwert

    d743740f06aa0a325bb5c948f63319ce

  • update2.exe
    .exe windows:6 windows x64 arch:x64

    Password: 123qwert

    fb0a8b4a81655f744a37af985e009476