General
- Target: 7zS.sfx.exe
- Size: 352.6MB
- Sample: 250401-w2whgswny4
- MD5: e48e5b2645ef2ad3e9a5220f0208e478
- SHA1: 1e4c27affc493f14917c6380f5b7688a125f4ad1
- SHA256: cdb4e4b35b002bd64e701f3c1e8b147b96cb0907bcc88ead92521777781ca2d1
- SHA512: 527d6b998ccf5750ad6add37d9afdeeb3251de3e2a4cda560f33378ce1231e5c6b970d474a075c91b5fc8bb0287b61d43d261a3b5a4b95a85ee2572c7cc3ef48
- SSDEEP: 6291456:RtuQC+T/4kVX12ZnNwS3EQfliyDRq/TIPYnprfaqdDYq75WeDkjEqMDqfBwqH+1d:RtuJU/4kz2Zn64EQflRUbIPypzabq5b7
Static task: static1
Behavioral task: behavioral1
- Sample: 7zS.sfx.exe
- Resource: win10ltsc2021-20250314-en
Malware Config
Extracted
- meshagent
- 2
- traffic-vc: http://162.0.213.235:443/agent.ashx
- mesh_id: 0xB1C45FED5569BA8EA2AEFA5B7F96E1A369A830758052E01439318F7DAE34EBD045AAD08F3074DE3C397578EC21921DF7
- server_id: 95C565B94BE035CFD4E742F10753279C58CBB5157492F1027BF26CC76012FFBC368A221A2F25DD47FF0F6918F98A0482
- wss: wss://162.0.213.235:443/agent.ashx
Targets
- Target: 7zS.sfx.exe
Signatures
- Detects MeshAgent payload
- Meshagent family
- Sets service image path in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory