Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

838a345bc0...58.exe

windows7-x64

10

838a345bc0...58.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    838a345bc007a981b97e9579b8ee78d7dfc5f717619fab47229efc5ffc5e7958

  • Size

    65KB

  • Sample

    221205-yk13raah44

  • MD5

    e56933481e08daa34c129c24f9a4fc81

  • SHA1

    9f4c8f786bab70abd4463edfb66a4a4762e4285d

  • SHA256

    838a345bc007a981b97e9579b8ee78d7dfc5f717619fab47229efc5ffc5e7958

  • SHA512

    35b4bb49c4467525fc75abf5ecf389ecdea22ff72d7819c755ca54292630530fce52b0c6196bc4417620ec3653a3da836ffe67a975e72c17eed777edfd9e3480

  • SSDEEP

    1536:72WyRaJJ62M6hwYvckT7aNxhBs+BTf8o5Vomfu:7qOrPvPT70xhBs+9fvOmfu

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Extracted

Family

xtremerat

C2

xstrema.no-ip.org

Targets

    • Target

      838a345bc007a981b97e9579b8ee78d7dfc5f717619fab47229efc5ffc5e7958

    • Size

      65KB

    • MD5

      e56933481e08daa34c129c24f9a4fc81

    • SHA1

      9f4c8f786bab70abd4463edfb66a4a4762e4285d

    • SHA256

      838a345bc007a981b97e9579b8ee78d7dfc5f717619fab47229efc5ffc5e7958

    • SHA512

      35b4bb49c4467525fc75abf5ecf389ecdea22ff72d7819c755ca54292630530fce52b0c6196bc4417620ec3653a3da836ffe67a975e72c17eed777edfd9e3480

    • SSDEEP

      1536:72WyRaJJ62M6hwYvckT7aNxhBs+BTf8o5Vomfu:7qOrPvPT70xhBs+9fvOmfu

    Score
    10/10
    xtremeratpersistenceratspywareupx

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

      persistencespywareratxtremerat

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks