General

  • Target: 6ba23dde45052a3c6bc265c3b0a3da529ed08b7aa2532b0f2f723264bc8de208
  • Size: 237KB
  • Sample: 220919-a23qxahba9
  • MD5: bb1349a308133fd9e4c5abbbb3c9f916
  • SHA1: 1c23d0291ce79a9e1947ff8b410ab851ce574f6b
  • SHA256: 6ba23dde45052a3c6bc265c3b0a3da529ed08b7aa2532b0f2f723264bc8de208
  • SHA512: 8c40320ec6cd128c9c7df8476489b08a244eb6afe283ea664d8de1171059799863d90d988a5fcaaf99491921d988bb0726bd63e2c73030d979f90533f0f02f91
  • SSDEEP: 6144:zqY9SC2DqBRhVh8njm9VCwH+ep7Ld7G8nZDHpv:uYMusnjmLjbiqHv

Malware Config

Extracted

  • Family: xtremerat
  • C2: xtrema.no-ip.org

Targets

    • Detect XtremeRAT payload
    • XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
    • UPX packed file: Detects executables packed with UPX or a modified build of the UPX open-source packer.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks