General

  • Target

    7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051

  • Size

    289KB

  • Sample

    221201-dspz8sde8y

  • MD5

    7c5076f4818ad83b85c386d14a10a894

  • SHA1

    506aaae1de0316b8b20b94905f35a582ef659465

  • SHA256

    7664d3b2b48c3af986f6a184f42988e267beb3e5cbc99562f9228ac18ba74051

  • SHA512

    0a1d4a9a40af1b25db0ff643cc271e1dd0edb07076fa166b20c60413bde2976fa4c83fc9048de60c60d47ba222f38c0c1e1665fd81367b862bead270331def80

  • SSDEEP

    6144:4WqA/eRFp0yN90QE6KntvLfggDsMLDwP:R/eay904+xLfggDFDwP

Malware Config

Extracted

Family

xtremerat

C2

merlim2.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks