Overview

overview

10

Static

static

10

2025-04-02...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-02_68bdc773913a630bc03071dd01b28a21_black-basta_coinminer_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250402-c6p2qaspt7

  • MD5

    68bdc773913a630bc03071dd01b28a21

  • SHA1

    245ef58704e7821a2264b10d3ad04f7a59a2980c

  • SHA256

    f54d5ea7a633362f013c76c250563e31ba9365dfa6cf1d8f1e302f5c8a97c844

  • SHA512

    98f7c4f4b2ee7041324729e64f663d2c031ef734286c7df904771fb58f04c7840d6881519b55c859edd79e00c97dfdde918d2c9c3bc99dbc454afec6cb0f6ec2

  • SSDEEP

    49152:ndZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5by:dHvfGfZvZj1/N/z/owJy

Score
10/10
meshagentbentwood

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

BENTWOOD

C2

http://itdobro.ru:443/agent.ashx

Attributes
  • mesh_id

    0xBB112163C71F641E084C3263DB40925C97B027ABC751FE1DCB436E463536E6CC0B85E65077763F27673B0C4BB4FD8778

  • server_id

    790FFF105FCF9D4DA0A56EA117C7C6BF3DF2FCF0E0FA67C7B77C741E21538E85E6B431F13C8E9C558C855A607F929FBA

  • wss

    wss://itdobro.ru:443/agent.ashx

Targets

    • Target

      2025-04-02_68bdc773913a630bc03071dd01b28a21_black-basta_coinminer_ryuk_sliver

    • Size

      3.3MB

    • MD5

      68bdc773913a630bc03071dd01b28a21

    • SHA1

      245ef58704e7821a2264b10d3ad04f7a59a2980c

    • SHA256

      f54d5ea7a633362f013c76c250563e31ba9365dfa6cf1d8f1e302f5c8a97c844

    • SHA512

      98f7c4f4b2ee7041324729e64f663d2c031ef734286c7df904771fb58f04c7840d6881519b55c859edd79e00c97dfdde918d2c9c3bc99dbc454afec6cb0f6ec2

    • SSDEEP

      49152:ndZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5by:dHvfGfZvZj1/N/z/owJy

    Score
    1/10
    behavioral1

MITRE ATT&CK Matrix

Tasks