Overview
overview: score 10
static: score 10
ne-bot/ne-...4).exe, windows7-x64: score 10
ne-bot/ne-...4).exe, windows10-2004-x64: score 10
ne-bot/ne-...6).exe, windows7-x64: score 10
ne-bot/ne-...6).exe, windows10-2004-x64: score 10
ne-bot/ne-bot edc.dll, windows7-x64: score 3
ne-bot/ne-bot edc.dll, windows10-2004-x64: score 3
ne-bot/ne-bot.dll, windows7-x64: score 3
ne-bot/ne-bot.dll, windows10-2004-x64: score 3
ne-bot/ne_up.exe, windows7-x64: score 10
ne-bot/ne_up.exe, windows10-2004-x64: score 10
General
-
Target
b4e12063070e64a2592eccae4aa85bf7_JaffaCakes118
-
Size
1.9MB
-
Sample
240821-y1ppnasbql
-
MD5
b4e12063070e64a2592eccae4aa85bf7
-
SHA1
f983637dfc6567c8d0f2f6f9f890cb1b9e2e951e
-
SHA256
b1830c3e13f039852a93dee4a54036a568253d8a73282b8255218cec81f27e7f
-
SHA512
215012cc6f87fc4d9a8db6f503c75ca1c86bec1df13a87c2fd69f66eef1c816ef9707c09244a2e79e0bea015c445d9eb0b616948eabd9b4e1494ae8213529a2f
-
SSDEEP
49152:5OZJ+0HLSCXTKMgwy9vxL60akE9P9TX+q+gamIZOuhVqrscZsb:5gHWCjUbx20akETTIRVCU
Behavioral tasks
behavioral1: ne-bot/ne-bot beta v.1.1 (x64).exe, resource win7-20240705-en
behavioral2: ne-bot/ne-bot beta v.1.1 (x64).exe, resource win10v2004-20240802-en
behavioral3: ne-bot/ne-bot beta v.1.1 (x86).exe, resource win7-20240708-en
behavioral4: ne-bot/ne-bot beta v.1.1 (x86).exe, resource win10v2004-20240802-en
behavioral5: ne-bot/ne-bot edc.dll, resource win7-20240704-en
behavioral6: ne-bot/ne-bot edc.dll, resource win10v2004-20240802-en
behavioral7: ne-bot/ne-bot.dll, resource win7-20240708-en
behavioral8: ne-bot/ne-bot.dll, resource win10v2004-20240802-en
behavioral9: ne-bot/ne_up.exe, resource win7-20240708-en
Malware Config
Extracted
xtremerat
yourchance19.no-ip.biz
Targets
-
-
Target
ne-bot/ne-bot beta v.1.1 (x64).exe
-
Size
1.1MB
-
MD5
ccd462320dcd0eae2437c9fc92bb97cd
-
SHA1
db95847f3a592c8959ad381099e20641da350348
-
SHA256
6ffdbe1d18a5f9cf4f3f8de9f230a5cb59d9d403df10b2d7eef859a144500412
-
SHA512
08061b7fcef132c90f779aaa0f7ff9338e51686769214431fbaee4ef96091f7d22b91483eea8122bca3b242d9c688e22b0d29a469273c95f308f07dc85b64c9c
-
SSDEEP
24576:y2DW/xbHX2YIbCQsu3/PNL7Q/Hyc8lOuQ2VdEz43:y2EjXHQsW/PN3Qf1UOuQadEzK
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
ne-bot/ne-bot beta v.1.1 (x86).exe
-
Size
596KB
-
MD5
8ead6aa52c8f84637c95a64deef536c5
-
SHA1
d1e6fd86f7b47ccd11b8ffadc7f74b9721f9bb2e
-
SHA256
76ebd0d9944b3557c7f2575ae985774950a00156d84e524dd963986e352222ac
-
SHA512
ec878cfbec7e0bac0b9db02c7529e2886639870f255b5a30ba46b49d72e2a86744dd12d0056c4d3a3d700226280cb283c34be5cc6e635619cb5bc16305471166
-
SSDEEP
12288:fjkArEN249AyE/rbaMct4bO2/VEU5fXIyNOFF2VdEmmVCPf:MFE//Tct4bOsLQYOz2VdEz43
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory
-
-
-
Target
ne-bot/ne-bot edc.dll
-
Size
604KB
-
MD5
1f55c7c1e338047dc5e329011a781fb3
-
SHA1
fbaacc4c5c2a6cf0dfb980a4ba94bbda8e86c723
-
SHA256
1fd4a2c44dddce33dec60e13ce3b7315782f310955cc13d7416eb10865a00229
-
SHA512
9bab5541d5ce08dda5306835a9069c0db75c2dfc0cc336d57000c4dd276282096ec77df4fa5ab1fcc4f56915c32ca1dc39cbf391eebc80ce59a5b24ee05eac63
-
SSDEEP
6144:53iyn569/L1Uc5gAeDOxwfENtHO5JZ5SQV3YwQwnAU1ZOhefo5EJ5:5X5mLWu06UEP0Z5z39jjyao
Score: 3/10
-
-
Target
ne-bot/ne-bot.dll
-
Size
2.0MB
-
MD5
f9e79fa16bac237b5e635f9fcc2a377c
-
SHA1
ddfcae2db65bfea608a4f6f6d33bfe588bc0b84e
-
SHA256
844f1418e05dfd12a127095c736406bd53e12cf7658cc9fd719c8e5ef6d11348
-
SHA512
030d91885e4106e31859000353bdee108044d1d99240fb9b5cc66b154e8548ca8b23ada4d196a176a809daaeb34dcb0c7b2ceaa2424141fb2fee769e761737cd
-
SSDEEP
24576:NH4El2AjGSEDLiAq1+C3MNNOCrXHKHn7YJcRaWK7EjhOg4e9:NH17jGSE/C1+pNNbrXHa7YJc4Et/N
Score: 3/10
-
-
Target
ne-bot/ne_up.exe
-
Size
33KB
-
MD5
cbaa5c06c1d253f33980175fa09de48b
-
SHA1
17dea142b13a915d4816b1665286d6314ae5026d
-
SHA256
2e7fdcac629313ff20d0310564442a641f4371440853c6e60b1e38c55db1baee
-
SHA512
671cbfdceeef3f6051d68f358ca1a4213664366c995d691509f6c80b7a54ddea25eb4fdac1dc7d791233cd5ca81617d277b50c1344a05e1dccbc6fda1caa9e8f
-
SSDEEP
768:SMuijtHf5g7/IIG3bGcYDBSvFIWuePQtv66lktACxAIBwY:PNW71rcYDAWeotvXlyDxM
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Privilege Escalation
Boot or Logon Autostart Execution: 2
Active Setup: 1
Registry Run Keys / Startup Folder: 1