General

  • Target

    8fbaf88258e1acee8e1c85cb1cd92386

  • Size

    183KB

  • Sample

    240204-vx6l8ahahk

  • MD5

    8fbaf88258e1acee8e1c85cb1cd92386

  • SHA1

    07375744c64ac222cb863088bb3897533ced6770

  • SHA256

    4aa74c09b33e85f7de851c4caf58f9cbec4f1ac6fdd1ed231e66e0a3335dd840

  • SHA512

    665a1e8cb3e9b2101aa6112ce46227aa0313978ddea5bad696d001bdcd70e9b0dc2c26c5a1894ca67b7e0ec16f6404ecc530cb84bc554194c3442940697efbe3

  • SSDEEP

    3072:hBPe+2TmObY97TkP7r7QYz0vaRUU4I82pdwVP8KmDnYZUpyl+9R2uhYJ5jP:veTmOb0fC/WypdwVkK8nxxhe

Malware Config

Extracted

Family

xtremerat

C2

headnoip.zapto.org

Targets

    • Target

      8fbaf88258e1acee8e1c85cb1cd92386

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by "xtremecoder", is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer, including modified UPX builds.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks