General

  • Target

    2025-07-02_e4284d6aee336dbd08d4ca5531f4dd9d_black-basta_coinminer_ryuk_sliver

  • Size

    3.3MB

  • MD5

    e4284d6aee336dbd08d4ca5531f4dd9d

  • SHA1

    645df33986ffab9ac8e15445fb732b20cd46f237

  • SHA256

    e04dc798c5d65cf6a57aae67e32fcc7cd8365e746d3238b8d4bba9cf75491bba

  • SHA512

    4ffc204de7acae995bd5f93fe6b4555e8ed0597b5328624eee60ccaf3bdc0f94390b4c3209e398f05058f1ef7c0a3e2ebd105d034808318a7a945eb7fe077088

  • SSDEEP

    49152:LX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QE:LlRsZ47/QXoHUOfAoj1x6E

Score

10/10

Malware Config

Extracted

  • Family

    meshagent

  • Version

    2

  • Botnet

    TacticalRMM

  • C2

    http://mesh.geskeet.com:443/agent.ashx

Attributes
  • mesh_id

    0xEAE82E50CCAC1DA97A38F4EDFE14D6C72817C09BC6703249C54E36E7E5947D0AFD23EBF77B01CFC3A5361A5404B6ED11

  • server_id

    D297150D79D42433F8725194D2F0CD1B3ECFBB92AC27C781A574EF580F6BFA2DEFE88E496B1A5A89151E2FE70D8D38A4

  • wss

    wss://mesh.geskeet.com:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2025-07-02_e4284d6aee336dbd08d4ca5531f4dd9d_black-basta_coinminer_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476
