General

  • Target

    919b080c6200fbf05a741ec572f077b116d87849fa595d90daa6537e3f9cbaf3

  • Size

    537KB

  • Sample

    221205-pnm6madg3s

  • MD5

    8c9baa45fb37a6c89cb9861dcc8d2f1f

  • SHA1

    65342cfdd656011df268269cfa07f93d351bca00

  • SHA256

    919b080c6200fbf05a741ec572f077b116d87849fa595d90daa6537e3f9cbaf3

  • SHA512

    f76cfa6dab53abc804285780d52c4608a11b90461930ea03d11e2b3a58c89d67254f2b1e4f25adabc38156dab9aaaecc8298f8b2f9b4dddfa15fb5d8a0039f0b

  • SSDEEP

    12288:UoS493ACIl7vI1kiqHNnyVek/a4QmHNX467p9KMSL8vbfcF3baixe/:UoIjIbgyLC495467zKMRzcVei4/

Malware Config

Extracted

Family

xtremerat

C2

maradona.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Suspicious use of SetThreadContext
