General

  • Target

    2024-10-23_67ea16ebf2386e2d2a95b6c5e7818bc9_ryuk_sliver

  • Size

    3.3MB

  • MD5

    67ea16ebf2386e2d2a95b6c5e7818bc9

  • SHA1

    ecadd870220f2419b4eadb18e20848d6d4260c6e

  • SHA256

    9b2c5f16afb7672bf2cd8e161248bc0e2c0ef35ccbef23493c279a471b400188

  • SHA512

    4690d1dd5dbb512d62ab83d4f8e41fb14e04d0e59e92885bb14520c3fad238441dbb04208dbe7507bb51cc54f60af701f2a96c54dfc1ecd7fdfabc0a86b910a6

  • SSDEEP

    49152:uX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe/5F:ulRsZ47/QXoHUOfAoj1yv

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

3.2.2

C2

http://001002003004005006007008009010011012013014015016017018019030.newappstore.buzz:443/a

Attributes
  • mesh_id

    0x84203C68C35CD20584DB7CC5BD7F33E49E44CC6300690CE639A215DA70F3806E85524F48D17B7D6E5ECF630E8FD63927

  • server_id

    03FDA5F2B1374CC3E063CCCB0540ACB3684C788DA3236A40B9A8798F1A5C582BB1717D517C0B20FF8C94EB78A0021F1E

  • wss

    wss://001002003004005006007008009010011012013014015016017018019030.newappstore.buzz:443/a

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-10-23_67ea16ebf2386e2d2a95b6c5e7818bc9_ryuk_sliver
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476

