General

  • Target

    8ecd0fa35ce6fedf338b77e994e5baf2af02b99b26c0b231dd93dac4159a479c

  • Size

    20KB

  • Sample

    221201-pacsqseg78

  • MD5

    1b18182b593858a7caaea157a605917c

  • SHA1

    8a7520c8ec6ac58402b4ae644dc80e662210fe79

  • SHA256

    8ecd0fa35ce6fedf338b77e994e5baf2af02b99b26c0b231dd93dac4159a479c

  • SHA512

    18d5d1380e737e6861d6b38a723070ded2f8ac772ebc2ea5262a6cbb213797569052702cff2919eff4466bee02dcb20c38bf0c571c90992cf5a9f0b498b329b4

  • SSDEEP

    384:WnD2eetIgFttzfA8WFRGlm/L5wp2ZDvDqVJMoz7x4vRbFUvWLR:A2PtxFt9m7GSL5UVJtz7x2bqY

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6