Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2024-12-23...er.exe

windows7-x64

1

2024-12-23...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-12-23_4c4cb38a5083ebb1fb89b82b5fd4f2f9_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    241223-cs4mysvjgq

  • MD5

    4c4cb38a5083ebb1fb89b82b5fd4f2f9

  • SHA1

    7a0590a0bda6153e8d5a6bef7dde76705b81abe6

  • SHA256

    f58b44b62dd73fcbcda2b730ef03d3d26fa064c36ab72bda13e280487a165abc

  • SHA512

    08ab5c6dbb48f903ed6fe3551b19b9c4ff98281c94c48099e9a230cb96fa6571ef2a7a1913103a64dd94136b1f23e2741112a6aaf80af8ed7560f514ec2ca0a7

  • SSDEEP

    49152:sX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QV:slRsZ47/QXoHUOfAoj1x6V

Score
10/10
meshagentfriendsupport

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

FriendSupport

C2

http://mc.poolontheroof.net:443/agent.ashx

Attributes
  • mesh_id

    0x158C4296FAC55EC44EEBEF105D0D88AB808A14F4F4D1E11E47A703B781CD47AE234254C09606581A8FB8275F67911D03

  • server_id

    A2889F715E90BA500C484CA5B78CD73A79AC5A46F2AE7D0C953AAD29682174CBC41CBFB98DDB03AE267B89A46480FD4D

  • wss

    wss://mc.poolontheroof.net:443/agent.ashx

Targets

    • Target

      2024-12-23_4c4cb38a5083ebb1fb89b82b5fd4f2f9_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      4c4cb38a5083ebb1fb89b82b5fd4f2f9

    • SHA1

      7a0590a0bda6153e8d5a6bef7dde76705b81abe6

    • SHA256

      f58b44b62dd73fcbcda2b730ef03d3d26fa064c36ab72bda13e280487a165abc

    • SHA512

      08ab5c6dbb48f903ed6fe3551b19b9c4ff98281c94c48099e9a230cb96fa6571ef2a7a1913103a64dd94136b1f23e2741112a6aaf80af8ed7560f514ec2ca0a7

    • SSDEEP

      49152:sX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85QV:slRsZ47/QXoHUOfAoj1x6V

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks