Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b30d6ceb2aa78fd441ce730dfe997b71_JaffaCakes118

  • Size

    43KB

  • Sample

    240821-l7kytswelr

  • MD5

    b30d6ceb2aa78fd441ce730dfe997b71

  • SHA1

    3351fc586745b097b31102601b0fb0e56816ed43

  • SHA256

    9b3baa5bb78f88d33aaab5db60180360711cd6febdc3f1a9e5750cc147d17bee

  • SHA512

    dc7d44705195bb6ed747feef2ea2413891724078fd6a14790370b03bfbede018483a08c3e3d111a3e909a773448f9eff5440dce0134cf3487ac062ccaa40b002

  • SSDEEP

    384:OheMAgpCpeyi4lVk/JP8uZ0epRLsDZ4/RvMMT4JGql2ZkNsG3XevPKpzhFO4hIdI:tMPChP4rU+u0Whl222yygzPOMC5f6

Malware Config

Targets

    • Target

      b30d6ceb2aa78fd441ce730dfe997b71_JaffaCakes118

    • Size

      43KB

    • MD5

      b30d6ceb2aa78fd441ce730dfe997b71

    • SHA1

      3351fc586745b097b31102601b0fb0e56816ed43

    • SHA256

      9b3baa5bb78f88d33aaab5db60180360711cd6febdc3f1a9e5750cc147d17bee

    • SHA512

      dc7d44705195bb6ed747feef2ea2413891724078fd6a14790370b03bfbede018483a08c3e3d111a3e909a773448f9eff5440dce0134cf3487ac062ccaa40b002

    • SSDEEP

      384:OheMAgpCpeyi4lVk/JP8uZ0epRLsDZ4/RvMMT4JGql2ZkNsG3XevPKpzhFO4hIdI:tMPChP4rU+u0Whl222yygzPOMC5f6

    • Detect XtremeRAT payload

    • XtremeRAT

      The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks