General

  • Target

    d3d3f5e64f2ff6d139b39c5d50d4b254_JaffaCakes118

  • Size

    106KB

  • Sample

    240908-h54flsvhjb

  • MD5

    d3d3f5e64f2ff6d139b39c5d50d4b254

  • SHA1

    7fc09d9a6dab0079e4fcdd9f202c350eeef5dd7a

  • SHA256

    26365ec7770efd2bda8fb2c5e332fcf0787f55eab3d134949cb1706655c960e8

  • SHA512

    87966bd4aeb450e07fd2c1139c25a38f7543ca73c7dacfcddd152ef135ba7a99347aad3bef23bc4f22b0135e3256896aaf5e9f9e7e4f4ec613259b9dde5dd4f0

  • SSDEEP

    3072:1DEP34OIxXt29n31SDeoQNsmqB9Dq145bzHTFxS:1Dm4OoU5Mq5N49W1CbzHTFxS

Malware Config

Extracted

Family

xtremerat

C2

dannymatrix.no-ip.org

Targets

    • Target

      d3d3f5e64f2ff6d139b39c5d50d4b254_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks