General

  • Target

    2025-04-02_2f3be280191947ec8d163ac0f6c7eef7_black-basta_coinminer_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250402-zqanestsdx

  • MD5

    2f3be280191947ec8d163ac0f6c7eef7

  • SHA1

    9eb3bc2d2871d5079598de7f136deed7caceaad8

  • SHA256

    03a9088d37b21b2d87b0c3500f0b7c937b83396befaf25ec41e0f7ccab67ceee

  • SHA512

    de837706c42b49b18ba59a0b5877c7324a84ed24b1f633bd86524b6edf18f1d7a6ed84c9ffa2aaa7a283bf8495ff6a396543ece226057b89e51338589d6504ac

  • SSDEEP

    49152:edZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5bQ:OHvfGfZvZj1/N/z/owJQ

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

XpressScan

C2

http://central.aspendora.com:443/agent.ashx

Attributes
  • mesh_id

    0x98EFA50924317E13ADA914F5F21CB8042C206AA52DEEF6BC47E8D771A2A636552D647DD5AE5BE76AEB7C8B3E6E86F36F

  • server_id

    6EDC47B99A183ADD438087CB7DE174DA0F8FDD4FCEFDE7F7A336F893A9685407BDD73AFA12CA32A9E2C53A2C5DBE3868

  • wss

    wss://central.aspendora.com:443/agent.ashx

Targets

    • Target

      2025-04-02_2f3be280191947ec8d163ac0f6c7eef7_black-basta_coinminer_ryuk_sliver

    • Size

      3.3MB

    • MD5

      2f3be280191947ec8d163ac0f6c7eef7

    • SHA1

      9eb3bc2d2871d5079598de7f136deed7caceaad8

    • SHA256

      03a9088d37b21b2d87b0c3500f0b7c937b83396befaf25ec41e0f7ccab67ceee

    • SHA512

      de837706c42b49b18ba59a0b5877c7324a84ed24b1f633bd86524b6edf18f1d7a6ed84c9ffa2aaa7a283bf8495ff6a396543ece226057b89e51338589d6504ac

    • SSDEEP

      49152:edZEy2B6vflQf6X8uZQoy3vR6QVQy5Z+bm4M/HMFvfGW0/7Z7Ib3jxw5bQ:OHvfGfZvZj1/N/z/owJQ

    Score
    1/10
