General

Target: 1a1832d01da648109a9e6e530c96b2d6
Size: 588KB
Sample: 231230-qshblshfaq
MD5: 1a1832d01da648109a9e6e530c96b2d6
SHA1: ac5b176e8882e5b2e63a267dcaf2584bd2a5dee9
SHA256: e6f8559599f741c5c51425d32fe66103d669985ef697a4d3ad47066762cf3c2d
SHA512: cd1d30d188c9ad9d63904e460ede16a0322d244c9127518beadfa9e6547137c5eff470a47a176476ae333a790fdfcd8cd069cb6f1f3981cba49371e52300c247
SSDEEP: 12288:FyHVRIMGGtpRbRi1H0xNYTpc0dbm2fABXBN4aCvvm1zq5:AVRIMGGtpxg6YG0dbm2fokkm
Static task: static1

Behavioral task: behavioral1
  Sample: 1a1832d01da648109a9e6e530c96b2d6.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 1a1832d01da648109a9e6e530c96b2d6.exe
  Resource: win10v2004-20231222-en
Malware Config

Extracted family: xtremerat
C2 hosts:
- finders.hopto.org
- powned.no-ip.org
Targets

Target: 1a1832d01da648109a9e6e530c96b2d6
Score: 10/10

Signatures:
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR): bootkits write to the MBR to gain persistence at a level below the operating system. This signature fires on a raw write to the first sector of the physical disk; merely opening the raw disk device is not enough, and the write itself should be confirmed in the task's file and process events before the sample is treated as a bootkit.
- Suspicious use of SetThreadContext: changing another thread's context is the last step of the RunPE/process-hollowing pattern (child created suspended, its memory overwritten, context pointed at the new entry point, thread resumed); check the process events for a CreateProcess with CREATE_SUSPENDED followed by memory writes into the same child.
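To make the extracted config and the behavioural signatures above concrete, here is a toy signature engine run over a constructed sandbox trace. It is an added example, not tria.ge's own detection code; the event format, API argument names and the trace itself are assumptions made for illustration, and only the two C2 hostnames come from this report's extracted XtremeRAT config.

```python
"""Toy re-implementation of the behavioural signatures listed in this report.

Added example, not tria.ge's detection code. The Event layout, the argument
names and the TRACE below are constructed for illustration; only C2_HOSTS is
taken from the report's extracted XtremeRAT config."""
import re
from dataclasses import dataclass

C2_HOSTS = {"finders.hopto.org", "powned.no-ip.org"}  # from the report's config
CREATE_SUSPENDED = 0x00000004                         # CreateProcess creation flag
SECTOR_SIZE = 512                                      # the MBR is sector 0
# Raw disk device names as a Win32 caller or the kernel would log them.
RAW_DISK = re.compile(r"^(\\\\\.\\PhysicalDrive\d+|\\Device\\Harddisk\d+\\DR\d+)$", re.I)


@dataclass
class Event:
    pid: int    # process that issued the call
    api: str    # API name as a sandbox would log it
    args: dict  # assumed argument names, see TRACE


# Constructed trace (not a capture): a dropper writes an EXE and a DLL, starts the
# EXE suspended, overwrites its memory and entry point (RunPE-style hollowing),
# and the child then writes sector 0 of the disk and resolves a C2 host.
TRACE = [
    Event(100, "NtCreateFile", {"path": r"C:\Users\Admin\AppData\Roaming\svr.exe", "write": True}),
    Event(100, "NtCreateFile", {"path": r"C:\Users\Admin\AppData\Roaming\helper.dll", "write": True}),
    Event(100, "CreateProcessW", {"path": r"C:\Users\Admin\AppData\Roaming\svr.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 200}),
    Event(200, "LdrLoadDll", {"path": r"C:\Users\Admin\AppData\Roaming\helper.dll"}),
    Event(100, "NtWriteVirtualMemory", {"target_pid": 200}),
    Event(100, "NtSetContextThread", {"target_pid": 200}),
    Event(100, "NtResumeThread", {"target_pid": 200}),
    Event(200, "NtCreateFile", {"path": r"\\.\PhysicalDrive0", "write": True}),
    Event(200, "NtWriteFile", {"path": r"\\.\PhysicalDrive0", "offset": 0, "length": 512}),
    Event(200, "getaddrinfo", {"host": "finders.hopto.org"}),
]


def run_signatures(trace):
    """Return {signature_name: [evidence, ...]} for every signature that fired."""
    hits = {}
    dropped = set()       # lower-cased paths of files written by a traced process
    suspended = {}        # child pid -> pid that created it with CREATE_SUSPENDED
    written_into = set()  # (writer pid, target pid) for cross-process memory writes

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in trace:
        a = ev.args
        if ev.api == "NtCreateFile" and a.get("write") and not RAW_DISK.match(a["path"]):
            dropped.add(a["path"].lower())
        elif ev.api == "CreateProcessW":
            p = a["path"].lower()
            if p in dropped and p.endswith(".exe"):
                hit("Executes dropped EXE", a["path"])
            if a["flags"] & CREATE_SUSPENDED:
                suspended[a["child_pid"]] = ev.pid
        elif ev.api == "LdrLoadDll":
            p = a["path"].lower()
            if p in dropped and p.endswith(".dll"):
                hit("Loads dropped DLL", a["path"])
        elif ev.api == "NtWriteVirtualMemory" and a["target_pid"] != ev.pid:
            written_into.add((ev.pid, a["target_pid"]))
        elif ev.api == "NtSetContextThread":
            tgt = a["target_pid"]
            # Suspended child + remote memory write + context change: hollowing pattern.
            if suspended.get(tgt) == ev.pid and (ev.pid, tgt) in written_into:
                hit("Suspicious use of SetThreadContext", f"pid {ev.pid} -> hollowed pid {tgt}")
        elif ev.api == "NtWriteFile" and RAW_DISK.match(a["path"]) and a["offset"] < SECTOR_SIZE:
            # Only a write overlapping sector 0 counts; opening the raw disk alone
            # is also done by legitimate imaging and backup tools.
            hit("Writes to the Master Boot Record (MBR)", f"{a['path']} offset {a['offset']}")
        elif ev.api == "getaddrinfo" and a["host"].lower() in C2_HOSTS:
            hit("XtremeRAT C2 lookup", a["host"])
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(TRACE).items():
        print(f"[+] {name}: {', '.join(evidence)}")
```

The hollowing check deliberately requires all three steps on the same parent/child pair, and the MBR check requires a write that overlaps sector 0, so that a lone SetThreadContext call (used by debuggers and some runtimes) or a read-only open of the physical disk does not fire either signature.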