Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_0f28d9f5713a606bc1bc8554bb9fd694
-
Size
934KB
-
Sample
250122-tccyqstnaw
-
MD5
0f28d9f5713a606bc1bc8554bb9fd694
-
SHA1
bf56f7f7dd8860e698f58aea2e2e658dbe705008
-
SHA256
080473b13a294961678932c9b543a55695995da095fbe446d2b7419ba894f618
-
SHA512
1de48bfe31388cc88d54ac0374f484291b43275991b0ee184febc39c7cb7b9e4aff1e31149e68adc56e63a76f3a41364b1c1f733ce80e3c126984349d08f5091
-
SSDEEP
24576:0KfWvLrUv+SVuPm+aGkIumDBqQOb2dr5CNiadAWOvja5:RkPUGsu++a2ume4EC5vjk
Static task
static1
Behavioral task
behavioral1
Sample
MSNTRO~1.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
MSNTRO~1.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
msndll.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
mikropbisey.no-ip.biz
Targets
-
-
Target
MSNTRO~1.EXE
-
Size
1.8MB
-
MD5
f7fc6598d7256905a765ac27afd68174
-
SHA1
ad1f67a8ca392711fff9abbfba502c3c4a82d3c8
-
SHA256
313dc4f22f34f63ae40aa915767fbe693b7cefe8e7040362bfd4a3f7ae12459f
-
SHA512
31023df4723bcc8ecaa2a90b9e15d31f514cce2a006514704dd6b2a229e5cea85ac0f867b8e6e1fce66f05582edb8e6e0bb2978514009ba28979870b8ee98da7
-
SSDEEP
24576:GDmCbxoC8hklOCUK9TmRohThgBhhZmHt6iae84BhhZvHXFUf2QS:GN9oCgkE16mSYbQ0pubP1ijS
Score3/10 -
-
-
Target
msndll.exe
-
Size
119KB
-
MD5
444af42eedf1678eba46eb04aa3310dd
-
SHA1
7e3d7e95820dce4ed0b2775123513fe40463332b
-
SHA256
438e621864ee31ab757e92ef4e5120d2a8142fcd650d10f992cedfa236ea3064
-
SHA512
b7656360ff7556589e20bc9dea5fe58dafd1e1ed7546892ce5fbadb84d24a15a234251729272a3730f42a870b8d16e87f52946a657a9272ff92a8dbedebf8d2e
-
SSDEEP
1536:pOF7+/JyYNWJ85KSUav8lnpmVdhcHgWm1o+Uam5w01yKb:pOFS/IYNWSwSUZmnmAr157m5Z1/
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of SetThreadContext
-