General
Target: 7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051
Size: 289KB
Sample: 221201-dspz8sde8y
MD5: 7c5076f4818ad83b85c386d14a10a894
SHA1: 506aaae1de0316b8b20b94905f35a582ef659465
SHA256: 7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051
SHA512: 0a1d4a9a40af1b25db0ff643cc271e1dd0edb07076fa166b20c60413bde2976fa4c83fc9048de60c60d47ba222f38c0c1e1665fd81367b862bead270331def80
SSDEEP: 6144:4WqA/eRFp0yN90QE6KntvLfggDsMLDwP:R/eay904+xLfggDFDwP
Static task
static1
Behavioral task
behavioral1
Sample
7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
xtremerat
merlim2.no-ip.org
Targets
Score: 10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-