General

  • Target

    c6c4bc4f0b1823022d87d608e7f7f19e89d7737707b9e55d0c705fc455504bbe

  • Size

    800KB

  • Sample

    221204-j5svjsfb6x

  • MD5

    da7a7f0674855d40b5f32749a3292151

  • SHA1

    492663f7c8f04c6678beec06797a39442182745e

  • SHA256

    c6c4bc4f0b1823022d87d608e7f7f19e89d7737707b9e55d0c705fc455504bbe

  • SHA512

    4af5840283d8c90f5ce17035e3c3ef01d8889ed277eae96a39b76b5ea4750f68d0e50b6fda21cb12c92161ebcd775984f0c6766e9441bbcafded80e0793b7f23

  • SSDEEP

    3072:vRAR2BY1emF6DA00EiqtTG142maYmOEenOBnZn/d4BVFPMuaNOi/mE5g4Sj01xS4:xKQSR

Malware Config

Extracted

Family

xtremerat

C2

zainee.no-ip.biz

Targets

    • Target

      c6c4bc4f0b1823022d87d608e7f7f19e89d7737707b9e55d0c705fc455504bbe

    • Size

      800KB

    • MD5

      da7a7f0674855d40b5f32749a3292151

    • SHA1

      492663f7c8f04c6678beec06797a39442182745e

    • SHA256

      c6c4bc4f0b1823022d87d608e7f7f19e89d7737707b9e55d0c705fc455504bbe

    • SHA512

      4af5840283d8c90f5ce17035e3c3ef01d8889ed277eae96a39b76b5ea4750f68d0e50b6fda21cb12c92161ebcd775984f0c6766e9441bbcafded80e0793b7f23

    • SSDEEP

      3072:vRAR2BY1emF6DA00EiqtTG142maYmOEenOBnZn/d4BVFPMuaNOi/mE5g4Sj01xS4:xKQSR

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks