General

  • Target

    b4e12063070e64a2592eccae4aa85bf7_JaffaCakes118

  • Size

    1.9MB

  • MD5

    b4e12063070e64a2592eccae4aa85bf7

  • SHA1

    f983637dfc6567c8d0f2f6f9f890cb1b9e2e951e

  • SHA256

    b1830c3e13f039852a93dee4a54036a568253d8a73282b8255218cec81f27e7f

  • SHA512

    215012cc6f87fc4d9a8db6f503c75ca1c86bec1df13a87c2fd69f66eef1c816ef9707c09244a2e79e0bea015c445d9eb0b616948eabd9b4e1494ae8213529a2f

  • SSDEEP

    49152:5OZJ+0HLSCXTKMgwy9vxL60akE9P9TX+q+gamIZOuhVqrscZsb:5gHWCjUbx20akETTIRVCU

Score
10/10

Malware Config

Signatures

  • Detect XtremeRAT payload (1 IoC)
  • Xtremerat family
  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • AutoIT Executable (2 IoCs)

    AutoIT scripts compiled to PE executables.

  • Unsigned PE (7 IoCs)

    Checks for missing Authenticode signature.

Files

  • b4e12063070e64a2592eccae4aa85bf7_JaffaCakes118
    .rar
  • ne-bot/.ini
  • ne-bot/README FIRST.txt
  • ne-bot/ne-bot beta v.1.1 (x64).exe
    .exe windows:5 windows x64 arch:x64

    42b8d4fa3bc2c4336a20de1bdf1422d8



  • ne-bot/ne-bot beta v.1.1 (x86).exe
    .exe windows:5 windows x86 arch:x86



  • out.upx
    .exe windows:5 windows x86 arch:x86



  • ne-bot/ne-bot edc.dll
    .dll windows:4 windows x86 arch:x86

    8823db3f6e7c61cde8d39bb6b49202f6



  • ne-bot/ne-bot.dll
    .dll regsvr32 windows:6 windows x86 arch:x86

    816f8147ec7462bbaa32b5e7c14835b0



  • ne-bot/ne-bot.ico
  • ne-bot/ne_up.exe
    .exe windows:4 windows x86 arch:x86



  • out.upx
    .exe windows:4 windows x86 arch:x86


