Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2025-03-11_24250744c142cfd910615124bd110528_frostygoop_luca-stealer_poet-rat_sliver_snatch
-
Size
17.7MB
-
Sample
250311-eahzmsz1gs
-
MD5
24250744c142cfd910615124bd110528
-
SHA1
c9f98decb8fe2d823ad9ba467cc072c27121dc60
-
SHA256
283663ea0f593bc5a4096da2a0a5effc0fd87003ad0d9f7aa0549c0be0647168
-
SHA512
84045cbb66b7ba3fe025767708adbe486ddffd7cd5c92509b09f7dfb8a035f8e2fa3f4e03c6e0cb16824b55ba9a9f0f6732d142c8ae08fc170ccec28f4704054
-
SSDEEP
98304:WfQTmnB+MhVgMJDE11ODVEEMs9K1NU+nusEnsnK5vrCwm:WfQu+egMJY1OMs9K1NU+nKnxVNm
Malware Config
Targets
-
-
Target
2025-03-11_24250744c142cfd910615124bd110528_frostygoop_luca-stealer_poet-rat_sliver_snatch
-
Size
17.7MB
-
MD5
24250744c142cfd910615124bd110528
-
SHA1
c9f98decb8fe2d823ad9ba467cc072c27121dc60
-
SHA256
283663ea0f593bc5a4096da2a0a5effc0fd87003ad0d9f7aa0549c0be0647168
-
SHA512
84045cbb66b7ba3fe025767708adbe486ddffd7cd5c92509b09f7dfb8a035f8e2fa3f4e03c6e0cb16824b55ba9a9f0f6732d142c8ae08fc170ccec28f4704054
-
SSDEEP
98304:WfQTmnB+MhVgMJDE11ODVEEMs9K1NU+nusEnsnK5vrCwm:WfQu+egMJY1OMs9K1NU+nKnxVNm
Score10/10-
Detects MeshAgent payload
-
MeshAgent
MeshAgent is an open source remote access trojan written in C++.
-
Meshagent family
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets service image path in registry
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-