Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
fa433772a2fbd5d509e9a2b4cbda4a09_JaffaCakes118
-
Size
198KB
-
Sample
240927-msnxls1ejc
-
MD5
fa433772a2fbd5d509e9a2b4cbda4a09
-
SHA1
8d7eaffd18760a2378235c3ab8a9dc697f004e65
-
SHA256
73778274ba4594512defec0aa62b79dcbf43af1e4f9e905c92386d189276ae84
-
SHA512
4922614bf77fa612ccf85c04e712fe981a3364e7f336ffd389fa56eefde1896242fa5e20e37e1d99d9ad79895f70f4eaad9aa3e05be16d0519109c236622f2b5
-
SSDEEP
3072:0XVL++CyQTUh4O43HAk8duEys91lxYC5/qAq+EEtrtzwR1Zx1WAjqY:081yQH7Eys9nxV5/qAYEZtzwR1Zx1
Static task
static1
Behavioral task
behavioral1
Sample
fa433772a2fbd5d509e9a2b4cbda4a09_JaffaCakes118.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
fa433772a2fbd5d509e9a2b4cbda4a09_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
fa433772a2fbd5d509e9a2b4cbda4a09_JaffaCakes118
-
Size
198KB
-
MD5
fa433772a2fbd5d509e9a2b4cbda4a09
-
SHA1
8d7eaffd18760a2378235c3ab8a9dc697f004e65
-
SHA256
73778274ba4594512defec0aa62b79dcbf43af1e4f9e905c92386d189276ae84
-
SHA512
4922614bf77fa612ccf85c04e712fe981a3364e7f336ffd389fa56eefde1896242fa5e20e37e1d99d9ad79895f70f4eaad9aa3e05be16d0519109c236622f2b5
-
SSDEEP
3072:0XVL++CyQTUh4O43HAk8duEys91lxYC5/qAq+EEtrtzwR1Zx1WAjqY:081yQH7Eys9nxV5/qAYEZtzwR1Zx1
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-