Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe

  • Size

    205KB

  • Sample

    221201-kzw6fscg49

  • MD5

    5bd790f9ad826b59173a72498f9a96e5

  • SHA1

    36a1e9bbc5774f96681740e8216923e0377d05be

  • SHA256

    c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe

  • SHA512

    f8a7eb6143e150a4483228043e363969bdadb3d1f47e34912ebebc898bbb007db35384c9a4472c8ab556b4428f8903b2f5bd6bc3eab627954d63236af85400b8

  • SSDEEP

    3072:QZkRi4rZqDjiuHg76dGMGK/P833iO779p9cFe6Q1cdE0SI1PbHNRTG64IoX:QWRTmaW9GH33hXCeBuEObHNRTG64

Malware Config

Extracted

Family

xtremerat

C2

juliosouza.no-ip.org

Targets

    • Target

      c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe

    • Size

      205KB

    • MD5

      5bd790f9ad826b59173a72498f9a96e5

    • SHA1

      36a1e9bbc5774f96681740e8216923e0377d05be

    • SHA256

      c81547b192e71dc1c4859368795cb687be1cc5a9e2f2c5137ee290cfb8d504fe

    • SHA512

      f8a7eb6143e150a4483228043e363969bdadb3d1f47e34912ebebc898bbb007db35384c9a4472c8ab556b4428f8903b2f5bd6bc3eab627954d63236af85400b8

    • SSDEEP

      3072:QZkRi4rZqDjiuHg76dGMGK/P833iO779p9cFe6Q1cdE0SI1PbHNRTG64IoX:QWRTmaW9GH33hXCeBuEObHNRTG64

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks