General

  • Target

    2024-10-31_9bcd9915db9beba642193024fd55ad7f_ryuk

  • Size

    3.3MB

  • MD5

    9bcd9915db9beba642193024fd55ad7f

  • SHA1

    08292de28fbf9e54e6a3f876293832e1eb206985

  • SHA256

    27beb88665c3041bd16c9d9701097f21523c96442bf95b5b544d4edb19b62a0f

  • SHA512

    3c556f24f3477d0540385563a384b21d3826128cc1b008573224110d025a4c7dfed9527555d4179bef50997787e0741eb3813ca3bf469e5fa1740e2b20c696d5

  • SSDEEP

    49152:fX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qe:flRsZ47/QXoHUOfAoj1x6e

Score
10/10

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

Server

C2

http://meshcentral.lighthousesubic.com:446/agent.ashx

Attributes
  • mesh_id

    0xB253CEA0975E9091C609772C27FDDA93A60FDCB381652CC1334A31D5B1AAEAC3C285A8EA96E51A7BCB9113B62C8C9280

  • server_id

    BDB3D02FF9CEF5A70B3415E2BB37DE917C0A4CA89301BF5D7B884CF9E8EB77A4F1735448868CF0508B56653B8540DC5A

  • wss

    wss://meshcentral.lighthousesubic.com:446/agent.ashx

Signatures

  • Detects MeshAgent payload (1 IoC)
  • Meshagent family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2024-10-31_9bcd9915db9beba642193024fd55ad7f_ryuk
    .exe windows:6 windows x64 arch:x64

    fb0a8b4a81655f744a37af985e009476

