Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-11-16...er.exe

windows7-x64

1

2024-11-16...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-16_be278a353b81896360404c4bcf6b6ac3_ismagent_ryuk_sliver

  • Size

    3.2MB

  • Sample

    241116-z81bssthqm

  • MD5

    be278a353b81896360404c4bcf6b6ac3

  • SHA1

    2a8c3437563a8cc2840050a992e6358f25b17f5e

  • SHA256

    ae7108379836377851cb7c62577f2ac5c736e6fac290dfec4fade311e234c593

  • SHA512

    1c82a6d3cf7197d60c2a1f026ad0d36fdae1834aea2162334a8848b9df684e013d4bd890d940c5c62189954a774826c9c76f3ef52b0a7cf9e9e858780959657c

  • SSDEEP

    49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe/:PlRsZ47/QXoHUOfAoj1c

Score
10/10
meshagenttokyo

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

tokyo

C2

http://172.232.102.54:443/agent.ashx

Attributes
  • mesh_id

    0xABED279823B2BD2B320D9A7F6DACD083EFA98756590C85255965B3547C71C7C943CE8BDCB2DC06B82DAF224A9C87C910

  • server_id

    6BE103485BAC23D50467F1CF77DC0C324944B61664D5F0DBF5AD40BFF7083CCAFC5ECF27219AEDD7E61E561F6EC0267E

  • wss

    wss://172.232.102.54:443/agent.ashx

Targets

    • Target

      2024-11-16_be278a353b81896360404c4bcf6b6ac3_ismagent_ryuk_sliver

    • Size

      3.2MB

    • MD5

      be278a353b81896360404c4bcf6b6ac3

    • SHA1

      2a8c3437563a8cc2840050a992e6358f25b17f5e

    • SHA256

      ae7108379836377851cb7c62577f2ac5c736e6fac290dfec4fade311e234c593

    • SHA512

      1c82a6d3cf7197d60c2a1f026ad0d36fdae1834aea2162334a8848b9df684e013d4bd890d940c5c62189954a774826c9c76f3ef52b0a7cf9e9e858780959657c

    • SSDEEP

      49152:PX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe/:PlRsZ47/QXoHUOfAoj1c

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks