Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
156f0c14b41c8d2924b4649567f43b3a_JaffaCakes118
-
Size
198KB
-
Sample
240627-k4cydawcqj
-
MD5
156f0c14b41c8d2924b4649567f43b3a
-
SHA1
026df5fccde95937a4299b04f015d83c4ded7682
-
SHA256
b25111afe74845bb2ee49b59e72b15029d87764e32cbcb83065d24c56794ea71
-
SHA512
7c67a76be959e4a44cd87bff043fba68df4f403864436c047cce28c8159d82c9051c0efe23fee688133ce56d8302b41c3140fc7d7ce6ba53d4c3cf7d15041b95
-
SSDEEP
6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1z6m/A:ZKfKFW1K3DnsfRJg
Static task
static1
Behavioral task
behavioral1
Sample
156f0c14b41c8d2924b4649567f43b3a_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
156f0c14b41c8d2924b4649567f43b3a_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
xtremerat
franco1.no-ip.org
Targets
-
-
Target
156f0c14b41c8d2924b4649567f43b3a_JaffaCakes118
-
Size
198KB
-
MD5
156f0c14b41c8d2924b4649567f43b3a
-
SHA1
026df5fccde95937a4299b04f015d83c4ded7682
-
SHA256
b25111afe74845bb2ee49b59e72b15029d87764e32cbcb83065d24c56794ea71
-
SHA512
7c67a76be959e4a44cd87bff043fba68df4f403864436c047cce28c8159d82c9051c0efe23fee688133ce56d8302b41c3140fc7d7ce6ba53d4c3cf7d15041b95
-
SSDEEP
6144:ZKtVKQQn+aCyIK3ccnMxjlU0gYJ1z6m/A:ZKfKFW1K3DnsfRJg
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-