Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

  • Size

    54KB

  • Sample

    221004-bhsx2afaf5

  • MD5

    04c4553c0a90ce1678e23e9caeb1e638

  • SHA1

    f5e8af3974ecff65dbd7438c492c26073dbdc33f

  • SHA256

    e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

  • SHA512

    d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02

  • SSDEEP

    768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o

Malware Config

Extracted

Family

xtremerat

C2

撰hack4ps.no-ip.info

6JhgEskcretMKY0gNfPERSISTxkiller.no-ip.info

Targets

    • Target

      e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

    • Size

      54KB

    • MD5

      04c4553c0a90ce1678e23e9caeb1e638

    • SHA1

      f5e8af3974ecff65dbd7438c492c26073dbdc33f

    • SHA256

      e327a743f81a3ae07c17f1d5a57828ad4710538b7720415d0ffb26ec3c4d3587

    • SHA512

      d1f188b4b1f2e255e2f6de3ca4a76ade1dd32f9126a284acadb65cebec875f98f3755124124b8ea17c50e4137445b04144e51762d408877d6eee48d23d9f5b02

    • SSDEEP

      768:qiIofHSeDVtA/Wy8XIvguzGZkmNi8KicZu4CHzGmSVbRnb1UGme4oUL3zePZo5YC:qSrCJRvghVNDuZ0Gm4V1UGm3oozeR9o

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks