Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2025-03-18...er.exe

windows7-x64

1

2025-03-18...er.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-03-18_b3bc38b1524eee5376bb2c8fb79e9db0_coinminer_ismagent_ryuk_sliver

  • Size

    3.3MB

  • Sample

    250318-jflpyaw1ew

  • MD5

    b3bc38b1524eee5376bb2c8fb79e9db0

  • SHA1

    10474fe85bfb61995f731d340e72aeaacc62d65a

  • SHA256

    7a643937a91cad4be97ab00a8bae0de5a385c3f848d446cf7c8508fc95ed937d

  • SHA512

    a05952342dbf657642e102644c4570d1d956631c9f5ae1953a42a608ebd3166612ca6753b409f1a84ca5520fec29c2370c229a14ad1502391ef91be6f8aaa7fe

  • SSDEEP

    49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qg:AlRsZ47/QXoHUOfAoj1x6g

Score
10/10
meshagenttacticalrmm

Malware Config

Extracted

Family

meshagent

Version

2

Botnet

TacticalRMM

C2

http://mesh.trmm.screwlooseit.com.au:443/agent.ashx

Attributes
  • mesh_id

    0x85FB9F905C525B468D5ECF7ACD8D71551BDAC5541F3C5BF805CACAD4EA856C5137320D5A60A4C26BE8665E24CF35F395

  • server_id

    433049C9A3214D7670D82306969EA38C1B34CA0CF0AE3C16194665BCDBB838705CCF8FDD48B68623920AC9585D137C28

  • wss

    wss://mesh.trmm.screwlooseit.com.au:443/agent.ashx

Targets

    • Target

      2025-03-18_b3bc38b1524eee5376bb2c8fb79e9db0_coinminer_ismagent_ryuk_sliver

    • Size

      3.3MB

    • MD5

      b3bc38b1524eee5376bb2c8fb79e9db0

    • SHA1

      10474fe85bfb61995f731d340e72aeaacc62d65a

    • SHA256

      7a643937a91cad4be97ab00a8bae0de5a385c3f848d446cf7c8508fc95ed937d

    • SHA512

      a05952342dbf657642e102644c4570d1d956631c9f5ae1953a42a608ebd3166612ca6753b409f1a84ca5520fec29c2370c229a14ad1502391ef91be6f8aaa7fe

    • SSDEEP

      49152:AX3YnLOQYsZfQ74C6SkgSbXP31+frjUYuHi7nT8poTMFvfuJ1kZ7NrjHQe85Qg:AlRsZ47/QXoHUOfAoj1x6g

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks