General
-
Target
2025-03-30_d92b6a4cf8e650e71ee93b187957cffe_black-basta_coinminer_ryuk_sliver
-
Size
2.9MB
-
Sample
250330-mnlxfsyq12
-
MD5
d92b6a4cf8e650e71ee93b187957cffe
-
SHA1
6c3666d283cac020ee6eafe52b99bbf2c1d861dd
-
SHA256
8714961aa348a4e6d8374952e797ba42ec7e378ab8ad24137947de0b7105f0f2
-
SHA512
391b67ef330877a67e52730e4e8a98be8cd49661b9910e97ff7750685d8f92f14d3b718d8e7b1bcb459b8f5932423b47cd3c4a1530232ce35415f447a8bfb0b1
-
SSDEEP
49152:DiQagHg5EVhwQd+qrW+i1w+Tqc0KxZbDOCwMDbyeKw3FGMFvfjPW21I3iI4:mg7hRdj9iMlHBSFBWo
Behavioral task
behavioral1
Sample
2025-03-30_d92b6a4cf8e650e71ee93b187957cffe_black-basta_coinminer_ryuk_sliver.exe
Resource
win7-20241010-en
Malware Config
Extracted
meshagent
2
AWS
http://192.46.210.125:443/agent.ashx
-
mesh_id
0x17BCF4CFE0FB6F752503B1D8E8959E7262111B808967FF1608539486EC85E06DB726AE0F09281F9BBA22AEEDAB20DD72
-
server_id
2E34D36C9A88748D96D811E6C535A88A1892E87F0108F89CDBB38191941C926BE4A273B1648710E7DCA28AC79E20F2D5
-
wss
wss://192.46.210.125:443/agent.ashx
Targets
-
-
Target
2025-03-30_d92b6a4cf8e650e71ee93b187957cffe_black-basta_coinminer_ryuk_sliver
-
Detects MeshAgent payload
-
Meshagent family
-
Modifies Windows Firewall
-
Sets service image path in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
-
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)
-
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)
Event Triggered Execution (1)
Netsh Helper DLL (1)