General

  • Target

    156f0c14b41c8d2924b4649567f43b3a_JaffaCakes118

  • Size

    198KB

  • Sample

    240627-k4cydawcqj

  • MD5

    156f0c14b41c8d2924b4649567f43b3a

  • SHA1

    026df5fccde95937a4299b04f015d83c4ded7682

  • SHA256

    b25111afe74845bb2ee49b59e72b15029d87764e32cbcb83065d24c56794ea71

  • SHA512

    7c67a76be959e4a44cd87bff043fba68df4f403864436c047cce28c8159d82c9051c0efe23fee688133ce56d8302b41c3140fc7d7ce6ba53d4c3cf7d15041b95

  • SSDEEP

    6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1z6m/A:ZKfKFW1K3DnsfRJg

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    franco1.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system, so writes to it from a sample are a strong persistence indicator.

    • Suspicious use of SetThreadContext
