General

  • Target

    2024-10-22_94edb1450da05482742e87a0f551953b_ryuk_sliver

  • Size

    3.3MB

  • MD5

    94edb1450da05482742e87a0f551953b

  • SHA1

    b83c27fe54c6c8ea40f7c499aedba6fb7b66be30

  • SHA256

    da98b3869d8b00f6c1fe443675fa65d8c504f169dd9f0e9c4010b7689e974380

  • SHA512

    61eac2968807ff0335094030cdb708cf00f54e6a23d84468184cb23422a2d109fa42f9f098439b839506033e4136e0f71030889bdef13de0529f9f518a80d919

  • SSDEEP

    49152:vX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQet5B:vlRsZ47/QXoHUOfAoj14T

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Pune

C2

http://remoteshare.in:443/agent.ashx

Attributes
  • mesh_id

    0x147D947C67896CBFA9A9DD3C314B5B726E85BA27E6DB2682C74EA268857DB84B65C4A83007E038189CE7D705C5B4A4BD

  • server_id

    C548A56198204AA58B1B935B7C94DEC937F526F4D95BA9A934173D49C789C88C656BEC078BE602DD32033D07A44BF5E2

  • wss

    wss://remoteshare.in:443/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-10-22_94edb1450da05482742e87a0f551953b_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476

