Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e124bb71f66ce8823770b0d2ad07c9a9
-
Size
779KB
-
Sample
240327-jj4d6aaf9v
-
MD5
e124bb71f66ce8823770b0d2ad07c9a9
-
SHA1
86c93a1007da894d937d9136851dac45f3036604
-
SHA256
bf585c924bd41f48b5d370d73fc3c52fa5f3004c2722a918b65446d994e7d1ec
-
SHA512
2eb78fac81ae3de7a61b611e7c8240e85b034326a5d4665a60ce49b49d2a72cbcd6428ee0292edb52016d9d2cc31cc9027dced405cee5e8a72930a05dc072fbb
-
SSDEEP
12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aaiKOA0a2wi+8pJ:URmJkcoQricOIQxiZY1iaaiA0hwv8L
Static task
static1
Behavioral task
behavioral1
Sample
e124bb71f66ce8823770b0d2ad07c9a9.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e124bb71f66ce8823770b0d2ad07c9a9.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
e124bb71f66ce8823770b0d2ad07c9a9
-
Size
779KB
-
MD5
e124bb71f66ce8823770b0d2ad07c9a9
-
SHA1
86c93a1007da894d937d9136851dac45f3036604
-
SHA256
bf585c924bd41f48b5d370d73fc3c52fa5f3004c2722a918b65446d994e7d1ec
-
SHA512
2eb78fac81ae3de7a61b611e7c8240e85b034326a5d4665a60ce49b49d2a72cbcd6428ee0292edb52016d9d2cc31cc9027dced405cee5e8a72930a05dc072fbb
-
SSDEEP
12288:chkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aaiKOA0a2wi+8pJ:URmJkcoQricOIQxiZY1iaaiA0hwv8L
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-