General

  • Target

    567500b59ed387275adcf582e0cf72385ad7d50bf76309e1970233f7910b61d1

  • Size

    160KB

  • Sample

    221206-sfqhkaha86

  • MD5

    0e31db04153b69301c0bddc6ce225b7d

  • SHA1

    2b5b28203b193c2bf12fe2674217c6490d300b9a

  • SHA256

    567500b59ed387275adcf582e0cf72385ad7d50bf76309e1970233f7910b61d1

  • SHA512

    eb7863dd9d6fb2b0d631315eeb20d07fc6e8ac50ca50cebc8a5d36d73d421cd6e05012925ce19f403c119b139b233813a0add75de37f6eebcb1d35530a0221b8

  • SSDEEP

    1536:y8bw9gC2LBsuc3+yepJW8Hf6tLzvLoxAd3WsHU6mDWTSsP27o01M:6gCOO3+zpfHgLfow3W0U6aUj01M

Malware Config

Extracted

Family

xtremerat

C2

b3efpwn.no-ip.biz

Targets

    • Target

      567500b59ed387275adcf582e0cf72385ad7d50bf76309e1970233f7910b61d1

    • Size

      160KB

    • MD5

      0e31db04153b69301c0bddc6ce225b7d

    • SHA1

      2b5b28203b193c2bf12fe2674217c6490d300b9a

    • SHA256

      567500b59ed387275adcf582e0cf72385ad7d50bf76309e1970233f7910b61d1

    • SHA512

      eb7863dd9d6fb2b0d631315eeb20d07fc6e8ac50ca50cebc8a5d36d73d421cd6e05012925ce19f403c119b139b233813a0add75de37f6eebcb1d35530a0221b8

    • SSDEEP

      1536:y8bw9gC2LBsuc3+yepJW8Hf6tLzvLoxAd3WsHU6mDWTSsP27o01M:6gCOO3+zpfHgLfow3W0U6aUj01M

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext
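The following is an added example, not part of the Triage report: a small Python script that takes the indicators listed above (the four file digests from General/Targets and the C2 host from the extracted XtremeRAT config) and applies them, first by recomputing the digests of a file and comparing each one against the report, then by scanning DNS query log lines for lookups of the C2 host. The log lines are constructed for the example; the hashes and hostname are copied from the report. The host check deliberately matches only `b3efpwn.no-ip.biz` and labels beneath it, not the whole `no-ip.biz` zone, which is a public dynamic-DNS provider.

```python
import hashlib

# Indicators copied from the report above: the four file digests from the
# General/Targets sections and the C2 host from the extracted XtremeRAT config.
REPORT_HASHES = {
    "md5": "0e31db04153b69301c0bddc6ce225b7d",
    "sha1": "2b5b28203b193c2bf12fe2674217c6490d300b9a",
    "sha256": "567500b59ed387275adcf582e0cf72385ad7d50bf76309e1970233f7910b61d1",
    "sha512": "eb7863dd9d6fb2b0d631315eeb20d07fc6e8ac50ca50cebc8a5d36d73d421cd6"
              "e05012925ce19f403c119b139b233813a0add75de37f6eebcb1d35530a0221b8",
}
C2_HOST = "b3efpwn.no-ip.biz"


def digest_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def compare_to_report(data: bytes) -> dict:
    """Per-algorithm comparison against the report. A real match agrees on all
    four; a partial match (e.g. only MD5 agrees) points at a transcription
    error or a collision, never at the same file."""
    computed = digest_bytes(data)
    return {algo: computed[algo] == expected for algo, expected in REPORT_HASHES.items()}


def is_c2_host(name: str) -> bool:
    """True for the C2 host itself or any label under it (case-insensitive,
    trailing dot tolerated). Sibling hosts under no-ip.biz are NOT matched:
    that zone is a public dynamic-DNS provider and blocking all of it would
    generate widespread false positives."""
    host = name.strip().lower().rstrip(".")
    return host == C2_HOST or host.endswith("." + C2_HOST)


def c2_hits(log_lines) -> list:
    """Return the log lines in which any whitespace-separated field is the C2 host."""
    return [line for line in log_lines if any(is_c2_host(f) for f in line.split())]


# Constructed DNS query log for the example; not taken from the report or any real network.
SAMPLE_DNS_LOG = [
    "2022-12-06T18:40:01Z 10.0.0.21 query A b3efpwn.no-ip.biz",
    "2022-12-06T18:40:02Z 10.0.0.21 query A update.microsoft.com",
    "2022-12-06T18:40:05Z 10.0.0.22 query A B3EFPWN.NO-IP.BIZ.",
    "2022-12-06T18:40:09Z 10.0.0.23 query A somethingelse.no-ip.biz",
]

if __name__ == "__main__":
    import sys
    # Optional: pass a file path to compare its digests against the report.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(compare_to_report(fh.read()))
    for hit in c2_hits(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
```

Run it with the sample path as the first argument to verify the digests; with no argument it only scans the constructed log, where two of the four lines (the exact host and the upper-case, dot-terminated form) should be reported and the unrelated `no-ip.biz` host should not.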

MITRE ATT&CK Enterprise v6

Tasks