General
- Target: 73eae01801ae6766aef554a74b10cf0f
- Size: 21KB
- Sample: 240125-gq8akshgb3
- MD5: 73eae01801ae6766aef554a74b10cf0f
- SHA1: 030c20b6e6dee94dbcf895ab61aa3bc389cd9488
- SHA256: f0681dc50e4fc46694f011936d37d95fae6a21ad3780452446c6c9b1d2dafc56
- SHA512: 574faae9153e708a48ae161a8e65f8790fb6cf2313724278386130e573b6d125de85633c25bfde519d66a2201eadcf22812c92cbe00e12a409c31d1a4b4a28b8
- SSDEEP: 384:iIdmF+Ti213fEF9QZd/cBr5M/gOjkaS4s/1k5YiZNl+CpQ4s7X4pLR:iIsF81fG9QveLOYTe5YiUCpQfU
Behavioral task: behavioral1
- Sample: 73eae01801ae6766aef554a74b10cf0f.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 73eae01801ae6766aef554a74b10cf0f.exe
- Resource: win10v2004-20231215-en
Malware Config
- Extracted (xtremerat): mpc1234.no-ip.org
Targets
- Target: 73eae01801ae6766aef554a74b10cf0f (21KB; same hashes as listed under General)
Score: 10/10
- Detect XtremeRAT payload
- Modifies WinLogon for persistence
- XtremeRAT: developed by xtremecoder, written in Delphi, and available since at least 2010.
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application