Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    73eae01801ae6766aef554a74b10cf0f

  • Size

    21KB

  • Sample

    240125-gq8akshgb3

  • MD5

    73eae01801ae6766aef554a74b10cf0f

  • SHA1

    030c20b6e6dee94dbcf895ab61aa3bc389cd9488

  • SHA256

    f0681dc50e4fc46694f011936d37d95fae6a21ad3780452446c6c9b1d2dafc56

  • SHA512

    574faae9153e708a48ae161a8e65f8790fb6cf2313724278386130e573b6d125de85633c25bfde519d66a2201eadcf22812c92cbe00e12a409c31d1a4b4a28b8

  • SSDEEP

    384:iIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl+CpQ4s7X4pLR:iIsF81fG9QveLOYTe5YiUCpQfU

Malware Config

Extracted

Family

xtremerat

C2

mpc1234.no-ip.org

Targets

    • Target

      73eae01801ae6766aef554a74b10cf0f

    • Size

      21KB

    • MD5

      73eae01801ae6766aef554a74b10cf0f

    • SHA1

      030c20b6e6dee94dbcf895ab61aa3bc389cd9488

    • SHA256

      f0681dc50e4fc46694f011936d37d95fae6a21ad3780452446c6c9b1d2dafc56

    • SHA512

      574faae9153e708a48ae161a8e65f8790fb6cf2313724278386130e573b6d125de85633c25bfde519d66a2201eadcf22812c92cbe00e12a409c31d1a4b4a28b8

    • SSDEEP

      384:iIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl+CpQ4s7X4pLR:iIsF81fG9QveLOYTe5YiUCpQfU

    • Detect XtremeRAT payload

    • Modifies WinLogon for persistence

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks