General

  • Target

    68efcf3a6c574a8def8b7df6ad0b7c38_JaffaCakes118

  • Size

    89KB

  • Sample

    240723-zzlr2s1hpd

  • MD5

    68efcf3a6c574a8def8b7df6ad0b7c38

  • SHA1

    7ce9b6f8b295db974020a34a1bcaf3738d8b3b0a

  • SHA256

    499d0cec036abba82cd11c372db30a850133d23c3962244f9d77e16e3099915a

  • SHA512

    a0b9d4fb32717f7d27c42c3a26841bc1e2837e9b1475ee49c3056267b1b817d6b005f08b0fbeaa2e74c88ce59699d8094fbef257bf11337726668f76f9f1e46b

  • SSDEEP

    1536:OjUxUR3GM6hF+Ar+L01A5+yLml+weU71INBq8DzAUTGN:vUR3Z6hF+Ar+oUcIUONBFDzaN

Malware Config

Extracted

  • Family

    xtremerat

  • C2

    lepra.sytes.net

Targets

    • Target

      68efcf3a6c574a8def8b7df6ad0b7c38_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Suspicious use of SetThreadContext
