General

  • Target

    64 - SECRETARIA GENERAL DE COORDINACION.exe

  • Size

    3.3MB

  • Sample

    250401-na4e1szn13

  • MD5

    a669ae9078f80b83d3382b521d018e4a

  • SHA1

    210f6bf732a1179c06a52ecbddd9a1cb6325036c

  • SHA256

    378d12e22db625f9fb030956effc9ffb3a6e7cc7bd9caa0393236046086c38af

  • SHA512

    fc903f2e0e72953e279f3ef0a9c401de31baddfc98c929fc39d55db8bb1b301686f1d8d3e45d61d5d85f19cab913120750185b2ae4fb4698444cd903fe895436

  • SSDEEP

    49152:TX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Q5:TlRsZ47/QXoHUOfAoj1x65

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

SECRETARÍA GENERAL DE COORDINACIÓN

C2

http://meshcentral.chuquisaca.gob.bo:443/agent.ashx

Attributes
  • mesh_id

    0x6AD535184516B9207EC7ED45B5BC7928541A366C1FA4E4000FFD6316318EFF68071D674EE2CF3CEBDC45E469F6E32F8E

  • server_id

    D3F86B558925BC6530AEEDA91B544840800211D1376D416552A0BBE8770BAF900524E34C8543EB22E0DC9A07F11CF727

  • wss

    wss://meshcentral.chuquisaca.gob.bo:443/agent.ashx

Targets

    • Target

      64 - SECRETARIA GENERAL DE COORDINACION.exe

    • Size

      3.3MB

    • Detects MeshAgent payload

    • MeshAgent

      MeshAgent is an open source remote access trojan written in C++.

    • Meshagent family

    • Sets service image path in registry

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
