General

  • Target

    Release.zip

  • Size

    6.4MB

  • Sample

    250203-rpm85atkhv

  • MD5

    0ac7270ebbf7914fa19f0a20b7725338

  • SHA1

    04b140f70fa4f6e8c4003fd993a2260073242d53

  • SHA256

    4cd52a1328ac7b1e2856007eb6eb721441f275f5c5b0049f6e8ba0a1f1c98be0

  • SHA512

    71b340eb439cd192f2fb490d6e7b12377d7755e912d6e045796f1ebe565f497840f8d4d3cd550225818728034bed687e078a6e73975b07741785bc20df9dbdae

  • SSDEEP

    196608:vMSPrNiQ7KRy+EPqbTwVLW83FUSA7WQZzwM3/C2c6:DDNdORywWB1USA7WS/vc6

Malware Config

Extracted

Family

xenorat

C2

localhost

127.0.0.1

Mutex

testing 123123

Attributes
  • delay

    1000

  • install_path

    nothingset

  • port

    1234

  • startup_name

    nothingset

Targets

    • Target

      Release.zip

    • Detect XenoRat Payload

    • XenoRat

      XenoRat is a remote access trojan written in C#.

    • Xenorat family

    • Executes dropped EXE

    • Drops file in System32 directory
