General

  • Target

    a7c3493de6970cd2c7f3fa099893459e_JaffaCakes118

  • Size

    101KB

  • Sample

    240818-w8avcs1cnk

  • MD5

    a7c3493de6970cd2c7f3fa099893459e

  • SHA1

    a8b0e309791b5b47b8dee083c7071625560379aa

  • SHA256

    63bf4e48621084d50df9174f5c548168ebb3c26d91299d9e129c30b37b6a33b7

  • SHA512

    26a2417ea4e2d022a1b96b6f30cebb1bc56bffb3a30bd3421b8dfcc14f95700f34e6b8b131e7868ddf16cc18111145ca6d47a6d4310dca03ee811eedc0b657b6

  • SSDEEP

    1536:Ogh/Qk5xku/BTxnW069gE9nKzFre0FT98nvhVGqDjNldt8+xwIiuilPLzHPop3a4:7h/Qk5xku/BTQ00hVGYjNdliRLzw

Malware Config

Extracted

Family

xtremerat

C2

ketchup.no-ip.biz

Targets

    • Target

      a7c3493de6970cd2c7f3fa099893459e_JaffaCakes118

    • Size

      101KB

    • MD5

      a7c3493de6970cd2c7f3fa099893459e

    • SHA1

      a8b0e309791b5b47b8dee083c7071625560379aa

    • SHA256

      63bf4e48621084d50df9174f5c548168ebb3c26d91299d9e129c30b37b6a33b7

    • SHA512

      26a2417ea4e2d022a1b96b6f30cebb1bc56bffb3a30bd3421b8dfcc14f95700f34e6b8b131e7868ddf16cc18111145ca6d47a6d4310dca03ee811eedc0b657b6

    • SSDEEP

      1536:Ogh/Qk5xku/BTxnW069gE9nKzFre0FT98nvhVGqDjNldt8+xwIiuilPLzHPop3a4:7h/Qk5xku/BTQ00hVGYjNdliRLzw

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Suspicious use of SetThreadContext
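The signature hits above (UPX packing, a dynamic-DNS C2 host, SetThreadContext) can be checked statically before a sample is ever submitted. The script below is an added example written for this page, not tria.ge's own signature code: it hashes a file, walks the PE section table for UPX section names and the "UPX!" marker, and pulls printable strings that look like a no-ip style host or an injection-related API name. The sample it runs on is a constructed PE skeleton built by `build_sample()`, not the real binary from this report, so its hashes will not match the ones listed above; the indicator lists (section names, DNS suffixes, API names) are assumptions chosen for illustration.

```python
"""Offline static triage of a PE sample, in the spirit of the report above.

Added example (not tria.ge code). Stdlib only; the sample is constructed.
"""
import hashlib
import re
import struct
from typing import Dict, List

# Indicator lists used by the checks below (assumptions for this example).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"                          # present in the UPX stub
DYNDNS_RE = re.compile(
    rb"[a-z0-9][a-z0-9.-]*\.(?:no-ip\.biz|no-ip\.org|ddns\.net|zapto\.org)",
    re.IGNORECASE)
INJECTION_APIS = {b"SetThreadContext", b"WriteProcessMemory",
                  b"ResumeThread", b"NtUnmapViewOfSection"}


def pe_section_names(data: bytes) -> List[bytes]:
    """Follow DOS header -> e_lfanew -> COFF header -> section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt           # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40               # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def hashes(data: bytes) -> Dict[str, str]:
    """Same digests the report lists (MD5/SHA1/SHA256/SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def is_upx_packed(data: bytes) -> bool:
    """UPX section names or the stub marker; either is enough to flag."""
    return bool(set(pe_section_names(data)) & UPX_SECTION_NAMES) or UPX_MARKER in data


def strings(data: bytes, min_len: int = 6) -> List[bytes]:
    """Printable ASCII runs, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)


def dyndns_hosts(data: bytes) -> List[str]:
    return sorted({m.decode().lower() for m in DYNDNS_RE.findall(data)})


def triage(data: bytes) -> dict:
    found = strings(data)
    return {
        "size": len(data),
        "hashes": hashes(data),
        "sections": [n.decode(errors="replace") for n in pe_section_names(data)],
        "upx_packed": is_upx_packed(data),
        "dyndns_c2": dyndns_hosts(data),
        # Import names are NUL-terminated, so each shows up as its own run.
        "injection_apis": sorted(a.decode() for a in INJECTION_APIS if a in found),
    }


def build_sample() -> bytes:
    """Constructed stand-in for the report's binary (NOT the real sample):
    a minimal PE32 skeleton with UPX section names and a few embedded strings."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    sections = [b"UPX0", b"UPX1", b".rsrc"]
    size_opt = 0xE0                                   # PE32 optional header size
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = b"\x0b\x01" + bytes(size_opt - 2)           # Magic = PE32, rest zeroed
    sect_table = b"".join(n.ljust(8, b"\0") + bytes(32) for n in sections)
    payload = (bytes(16) + UPX_MARKER + bytes(16)
               + b"ketchup.no-ip.biz\0"
               + b"kernel32.dll\0SetThreadContext\0WriteProcessMemory\0ResumeThread\0")
    return bytes(dos) + b"PE\0\0" + coff + opt + sect_table + payload


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Two caveats a practitioner should keep in mind. First, the report's "Suspicious use of SetThreadContext" is a behavioural signature observed at run time; the static import check here is only a weak proxy, since the API can be resolved by hash or through GetProcAddress without ever appearing as a string. Second, in a genuinely UPX-packed file the config string and real imports live inside the compressed section, so the string-based checks only work on the unpacked image (for example after `upx -d`); the constructed sample keeps them in the clear for illustration.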

MITRE ATT&CK Enterprise v15

Tasks