General
- Target: b30d6ceb2aa78fd441ce730dfe997b71_JaffaCakes118
- Size: 43KB
- Sample: 240821-l7kytswelr
- MD5: b30d6ceb2aa78fd441ce730dfe997b71
- SHA1: 3351fc586745b097b31102601b0fb0e56816ed43
- SHA256: 9b3baa5bb78f88d33aaab5db60180360711cd6febdc3f1a9e5750cc147d17bee
- SHA512: dc7d44705195bb6ed747feef2ea2413891724078fd6a14790370b03bfbede018483a08c3e3d111a3e909a773448f9eff5440dce0134cf3487ac062ccaa40b002
- SSDEEP: 384:OheMAgpCpeyi4lVk/JP8uZ0epRLsDZ4/RvMMT4JGql2ZkNsG3XevPKpzhFO4hIdI:tMPChP4rU+u0Whl222yygzPOMC5f6
Static task: static1
Behavioral task: behavioral1
- Sample: b30d6ceb2aa78fd441ce730dfe997b71_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Targets
- Target: b30d6ceb2aa78fd441ce730dfe997b71_JaffaCakes118
- Size: 43KB
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)