Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
982ec0a7e4cc9470cb6885b8d816fa45
-
Size
956KB
-
Sample
240213-cbazbage7t
-
MD5
982ec0a7e4cc9470cb6885b8d816fa45
-
SHA1
9c550995ab7251f60ad625e5d0251374e7ca73f6
-
SHA256
e0849ba088740afd3f09558cc1d9001b019f3bc4901563f5bc7bfedea2d38860
-
SHA512
9c5c7ae76d406057d75b7c64f776fdc5b519bbc4b0fa29c4263e41df097ef0a05e9b934ddd95fb65ba6d1e4bfb0672c395fb22ae4f0524169a0900f03b9be7fd
-
SSDEEP
12288:A/gctSVTWOWOdT/zvTjv95cTGMaqRL2nOxr/JZLYi8gPRyw7V57R8b8oOmn:A/FtATE67LjeJR7nV1k8Z0
Static task
static1
Behavioral task
behavioral1
Sample
982ec0a7e4cc9470cb6885b8d816fa45.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
982ec0a7e4cc9470cb6885b8d816fa45.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
xtremerat
goshare.dyndns.biz
Targets
-
-
Target
982ec0a7e4cc9470cb6885b8d816fa45
-
Size
956KB
-
MD5
982ec0a7e4cc9470cb6885b8d816fa45
-
SHA1
9c550995ab7251f60ad625e5d0251374e7ca73f6
-
SHA256
e0849ba088740afd3f09558cc1d9001b019f3bc4901563f5bc7bfedea2d38860
-
SHA512
9c5c7ae76d406057d75b7c64f776fdc5b519bbc4b0fa29c4263e41df097ef0a05e9b934ddd95fb65ba6d1e4bfb0672c395fb22ae4f0524169a0900f03b9be7fd
-
SSDEEP
12288:A/gctSVTWOWOdT/zvTjv95cTGMaqRL2nOxr/JZLYi8gPRyw7V57R8b8oOmn:A/FtATE67LjeJR7nV1k8Z0
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-