General

  • Target

    2025-03-29_6bc680bbf593a297cb4f6162adce56fb_black-basta_coinminer_ryuk_sliver

  • Size

    3.3MB

  • MD5

    6bc680bbf593a297cb4f6162adce56fb

  • SHA1

    38f5273de116b8fc4d4579355457015ee4ac90d0

  • SHA256

    8a67996c69a47609c04e63423dc9789a56278125cddf6586d291ae7a1e961701

  • SHA512

    217e118adec53dde52b56fff1ec4620e295be842f179c3b99495e3dd5566c11da11b0df917e602bcad7da8342d4bd44021f25864be4f0b0ed345920def99a486

  • SSDEEP

    49152:WX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QN:WlRsZ47/QXoHUOfAoj1x6N

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.mntech.support:443/agent.ashx

Attributes
  • mesh_id

    0x8A126C67F93411EE10C7D1237499902037CB803275A3AF339135C535640B549C3AF25030A36274052D3C275E02DA0D2B

  • server_id

    7D598C9BE1309FCA87671D72FCC1592D7D6539D402D82A9D6F0CB1CA00065B0CFE30FEF39BCE003398571AB24DD4473C

  • wss

    wss://mesh.mntech.support:443/agent.ashx

Signatures

  • Detects MeshAgent payload 1 IoCs
  • Meshagent family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
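The two findings above (the extracted MeshAgent settings and the "Unsigned PE" hit) can be reproduced offline. The script below is an added example, not code from the sandbox report or from the MeshAgent/MeshCentral project: it reads the PE's IMAGE_DIRECTORY_ENTRY_SECURITY entry to decide whether an Authenticode (WIN_CERTIFICATE) blob is attached, and it pulls MeshID, ServerID and MeshServer out of the key=value settings block that MeshCentral embeds in agent binaries. The key names in MSH_KEYS, the helper names, and the constructed input (a minimal PE32+ header skeleton followed by a settings block filled with this report's values; the MeshName and MeshType lines are assumed) are assumptions made for the example.

```python
import hashlib
import re
import struct

# Data directory 4 points at the Authenticode blob; a zero entry means "unsigned".
SECURITY_DIRECTORY_INDEX = 4

# Assumed key set of the .msh settings block MeshCentral appends to an agent
# binary; it covers the fields this report extracted (MeshID, ServerID, MeshServer).
MSH_KEYS = ("MeshName", "MeshType", "MeshID", "ServerID", "MeshServer")


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, for matching a file against the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def _data_directory_offset(data: bytes, index: int):
    """File offset of data directory `index`, or None if not a PE32/PE32+ image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 4 + 20                      # PE signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:                           # PE32+: directories start at +112
        base, count_off = opt + 112, opt + 108
    elif magic == 0x10B:                         # PE32: directories start at +96
        base, count_off = opt + 96, opt + 92
    else:
        return None
    if index >= struct.unpack_from("<I", data, count_off)[0]:   # NumberOfRvaAndSizes
        return None
    return base + index * 8


def security_directory(data: bytes):
    """(file offset, size) of the WIN_CERTIFICATE blob, or None if absent."""
    off = _data_directory_offset(data, SECURITY_DIRECTORY_INDEX)
    if off is None:
        return None
    ptr, size = struct.unpack_from("<II", data, off)   # this entry is a file offset, not an RVA
    return (ptr, size) if ptr and size else None


def has_authenticode(data: bytes) -> bool:
    """Presence check only, the same test the 'Unsigned PE' signature performs."""
    return security_directory(data) is not None


def set_security_directory(data: bytes, ptr: int, size: int) -> bytes:
    """Copy of `data` with the security entry rewritten (used to show the signed case)."""
    buf = bytearray(data)
    off = _data_directory_offset(buf, SECURITY_DIRECTORY_INDEX)
    if off is None:
        raise ValueError("not a PE32/PE32+ image")
    struct.pack_into("<II", buf, off, ptr, size)
    return bytes(buf)


def extract_mesh_config(data: bytes) -> dict:
    """Return the MSH_KEYS found as key=value lines anywhere in the binary."""
    cfg = {}
    for key in MSH_KEYS:
        m = re.search(rb"(?<![A-Za-z0-9_])" + key.encode() + rb"=([^\r\n\x00]*)", data)
        if m:
            cfg[key] = m.group(1).decode("ascii", "replace").strip()
    return cfg


def build_constructed_sample() -> bytes:
    """Constructed input, not a real binary: an unsigned PE32+ header skeleton
    followed by a settings block carrying the values from this report."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                        # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)  # x64, SizeOfOptionalHeader=240
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                          # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                           # NumberOfRvaAndSizes; all zero
    msh = (b"MeshName=TacticalRMM\r\n"                              # assumed: Botnet value as MeshName
           b"MeshType=2\r\n"                                        # assumed
           b"MeshID=0x8A126C67F93411EE10C7D1237499902037CB803275A3AF339135C535640B549C3AF25030A36274052D3C275E02DA0D2B\r\n"
           b"ServerID=7D598C9BE1309FCA87671D72FCC1592D7D6539D402D82A9D6F0CB1CA00065B0CFE30FEF39BCE003398571AB24DD4473C\r\n"
           b"MeshServer=wss://mesh.mntech.support:443/agent.ashx\r\n")
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + msh


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    print(file_hashes(blob))
    print("authenticode blob present:", has_authenticode(blob))
    print(extract_mesh_config(blob))
```

Two caveats for use on a real sample: a non-zero security directory only proves a certificate blob is attached, not that the signature is valid or trusted, so confirm with `signtool verify /pa`, `osslsigncode verify`, or PowerShell's `Get-AuthenticodeSignature`; and MeshAgent builds can carry their settings in a separate `.msh` file next to the executable rather than embedded, in which case `extract_mesh_config` should be run over that file too. When hunting for this infrastructure, match both forms the report lists for the server (`http://mesh.mntech.support:443/agent.ashx` and `wss://mesh.mntech.support:443/agent.ashx`).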

Files

  • 2025-03-29_6bc680bbf593a297cb4f6162adce56fb_black-basta_coinminer_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
