General

  • Target

    982ec0a7e4cc9470cb6885b8d816fa45

  • Size

    956KB

  • Sample

    240213-cbazbage7t

  • MD5

    982ec0a7e4cc9470cb6885b8d816fa45

  • SHA1

    9c550995ab7251f60ad625e5d0251374e7ca73f6

  • SHA256

    e0849ba088740afd3f09558cc1d9001b019f3bc4901563f5bc7bfedea2d38860

  • SHA512

    9c5c7ae76d406057d75b7c64f776fdc5b519bbc4b0fa29c4263e41df097ef0a05e9b934ddd95fb65ba6d1e4bfb0672c395fb22ae4f0524169a0900f03b9be7fd

  • SSDEEP

    12288:A/gctSVTWOWOdT/zvTjv95cTGMaqRL2nOxr/JZLYi8gPRyw7V57R8b8oOmn:A/FtATE67LjeJR7nV1k8Z0

Malware Config

Extracted

Family

xtremerat

C2

goshare.dyndns.biz

Targets

    • Target

      982ec0a7e4cc9470cb6885b8d816fa45

    • Size

      956KB

    • MD5

      982ec0a7e4cc9470cb6885b8d816fa45

    • SHA1

      9c550995ab7251f60ad625e5d0251374e7ca73f6

    • SHA256

      e0849ba088740afd3f09558cc1d9001b019f3bc4901563f5bc7bfedea2d38860

    • SHA512

      9c5c7ae76d406057d75b7c64f776fdc5b519bbc4b0fa29c4263e41df097ef0a05e9b934ddd95fb65ba6d1e4bfb0672c395fb22ae4f0524169a0900f03b9be7fd

    • SSDEEP

      12288:A/gctSVTWOWOdT/zvTjv95cTGMaqRL2nOxr/JZLYi8gPRyw7V57R8b8oOmn:A/FtATE67LjeJR7nV1k8Z0

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks