Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
-
Size
54KB
-
Sample
221004-bhsx2afaf5
-
MD5
04c4553c0a90ce1678e23e9caeb1e638
-
SHA1
f5e8af3974ecff65dbd7438c492c26073dbdc33f
-
SHA256
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
-
SHA512
d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02
-
SSDEEP
768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o
Static task
static1
Behavioral task
behavioral1
Sample
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
xtremerat
撰hack4ps.no-ip.info
6JhgEskcretMKY0gNfPERSISTxkiller.no-ip.info
Targets
-
-
Target
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
-
Size
54KB
-
MD5
04c4553c0a90ce1678e23e9caeb1e638
-
SHA1
f5e8af3974ecff65dbd7438c492c26073dbdc33f
-
SHA256
e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587
-
SHA512
d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02
-
SSDEEP
768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-