General

  • Target

    0f32592722795ef45eca9706fea16685735fedfd2318ad450ccb78c469fe4998

  • Size

    196KB

  • Sample

    221205-tcxyxagh8w

  • MD5

    278e881d21f23dd62a5b2a56a27a57b0

  • SHA1

    fc2736ed6c410f77779a9c0971a354705e9d740f

  • SHA256

    0f32592722795ef45eca9706fea16685735fedfd2318ad450ccb78c469fe4998

  • SHA512

    73c238699a617c05ce694da2ef552a8a41d3a1d54e86540826a189e45cdd58b19b4ad80505ede0868c869d94ea0472ab42ff8650819f9d8ff4cddd4bb68d6c34

  • SSDEEP

    3072:A/Ak/2Nhq2awPzXToomKWIEzapmnM3A9Yyaj+tr7iicNu39JifE+oGn9Ry3KFZ:A/JKxpPlITzawmAqzj2Sk3CM+RHHFZ

Malware Config

Extracted

Family

xtremerat

C2

mastercore.dyndns.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Modifies Installed Components in the registry

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks