General
Target: ed8b4f73f551891b781a74365549a514_JaffaCakes118
Size: 1.0MB
Sample: 240411-qvdffacd93
MD5: ed8b4f73f551891b781a74365549a514
SHA1: be21daeddeca6a221e10c25753f24799fbf7b345
SHA256: 3284a173e589b196130a10eb56183e4293bfb8e2e12938fe8c03e3134f3e6dbe
SHA512: 547b222a9f634e2c520ad46f22b963b75641d945c9eb83aa690a5cca741f4509e73495a4c6944fdfbda40b7b05e1c049a2019d067308be88b5a65b6ab9c2d601
SSDEEP: 24576:Xbmc/W0LYQribz44VybwhuM5ekfgHXMLU/ytvb0k9kIa2:X6kW00QR5U5TU0U/yVb0k+Ia2
Static task: static1
Behavioral task: behavioral1
Sample: ed8b4f73f551891b781a74365549a514_JaffaCakes118.exe
Resource: win7-20240215-en
Behavioral task: behavioral2
Sample: ed8b4f73f551891b781a74365549a514_JaffaCakes118.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
xtremerat
123boof.no-ip.org
Targets
Score: 10/10
Detect XtremeRAT payload
XtremeRAT
XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
Suspicious use of SetThreadContext