General

  • Target

    fa433772a2fbd5d509e9a2b4cbda4a09_JaffaCakes118

  • Size

    198KB

  • Sample

    240927-msnxls1ejc

  • MD5

    fa433772a2fbd5d509e9a2b4cbda4a09

  • SHA1

    8d7eaffd18760a2378235c3ab8a9dc697f004e65

  • SHA256

    73778274ba4594512defec0aa62b79dcbf43af1e4f9e905c92386d189276ae84

  • SHA512

    4922614bf77fa612ccf85c04e712fe981a3364e7f336ffd389fa56eefde1896242fa5e20e37e1d99d9ad79895f70f4eaad9aa3e05be16d0519109c236622f2b5

  • SSDEEP

    3072:0XVL++CyQTUh4O43HAk8duEys91lxYC5/qAq+EEtrtzwR1Zx1WAjqY:081yQH7Eys9nxV5/qAYEZtzwR1Zx1

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
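
The four behaviour signatures above are the kind a sandbox raises by matching patterns in the hooked API trace. The following is an added example, not tria.ge's signature code, that re-implements them over a constructed trace: a registry lookup under Control Panel\International for the geofence check, a path written to disk and later passed to CreateProcess or LoadLibrary for the dropped-EXE/DLL checks, and the process-hollowing shape (CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread on the same child) for the SetThreadContext check. The Event format, the argument names, the pids and the paths are assumptions made for this example; SetThreadContext on its own is not flagged, since debuggers use it legitimately.

```python
"""Sandbox-style behaviour signatures evaluated over a constructed API trace.
Added example; not tria.ge's code. Event layout, argument names and the traces
below are assumptions for illustration."""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004                   # CreateProcess dwCreationFlags bit
LOCALE_KEY = r"control panel\international"     # HKCU key holding locale/country values


@dataclass
class Event:
    pid: int        # process that made the call
    api: str        # hooked API name (A/W suffix kept as logged)
    args: dict      # selected arguments; paths assumed resolved from handles by the sandbox


def checks_location(trace):
    """'Checks computer location settings': country/locale read from the registry."""
    return any(e.api.startswith("RegQueryValueEx")
               and LOCALE_KEY in e.args.get("key", "").lower()
               for e in trace)


def dropped_files(trace):
    """Paths the sample wrote to disk, i.e. files it dropped."""
    return {e.args["path"].lower() for e in trace
            if e.api.startswith("WriteFile") and "path" in e.args}


def executes_dropped_exe(trace):
    dropped = dropped_files(trace)
    return any(e.api.startswith("CreateProcess")
               and e.args.get("path", "").lower() in dropped for e in trace)


def loads_dropped_dll(trace):
    dropped = dropped_files(trace)
    return any(e.api.startswith("LoadLibrary")
               and e.args.get("path", "").lower() in dropped for e in trace)


def hollowed_pids(trace):
    """Process-hollowing sequence on one child pid, in order: created suspended,
    memory written, thread context redirected, thread resumed. Each stage only
    counts if the previous stage already happened for that pid."""
    suspended, written, context_set, resumed = set(), set(), set(), set()
    for e in trace:
        t = e.args.get("target_pid")
        if e.api.startswith("CreateProcess") and e.args.get("flags", 0) & CREATE_SUSPENDED:
            suspended.add(e.args["new_pid"])
        elif e.api == "WriteProcessMemory" and t in suspended:
            written.add(t)
        elif e.api == "SetThreadContext" and t in written:
            context_set.add(t)
        elif e.api == "ResumeThread" and t in context_set:
            resumed.add(t)
    return sorted(resumed)


def evaluate(trace):
    """Map signature names as the report lists them to whether the trace matches."""
    return {
        "Checks computer location settings": checks_location(trace),
        "Executes dropped EXE": executes_dropped_exe(trace),
        "Loads dropped DLL": loads_dropped_dll(trace),
        "Suspicious use of SetThreadContext": bool(hollowed_pids(trace)),
    }


TMP = r"C:\Users\Admin\AppData\Local\Temp"       # assumed drop directory
HKCU_INTL = r"HKEY_CURRENT_USER\Control Panel\International"

# Constructed trace (not taken from the report) exercising all four signatures.
SAMPLE_TRACE = [
    Event(100, "RegOpenKeyExW", {"key": HKCU_INTL}),
    Event(100, "RegQueryValueExW", {"key": HKCU_INTL, "value": "LocaleName"}),
    Event(100, "WriteFile", {"path": TMP + r"\svchost.exe"}),
    Event(100, "WriteFile", {"path": TMP + r"\helper.dll"}),
    Event(100, "CreateProcessW", {"path": TMP + r"\svchost.exe",
                                  "flags": CREATE_SUSPENDED, "new_pid": 200}),
    Event(100, "WriteProcessMemory", {"target_pid": 200}),
    Event(100, "SetThreadContext", {"target_pid": 200}),
    Event(100, "ResumeThread", {"target_pid": 200}),
    Event(200, "LoadLibraryW", {"path": TMP + r"\helper.dll"}),
]

# Constructed benign trace: a debugger-like SetThreadContext with no suspended
# child and no prior memory write, which must not trip the hollowing signature.
BENIGN_TRACE = [
    Event(300, "CreateProcessW", {"path": r"C:\Windows\notepad.exe", "flags": 0, "new_pid": 301}),
    Event(300, "SetThreadContext", {"target_pid": 301}),
    Event(300, "ResumeThread", {"target_pid": 301}),
]

if __name__ == "__main__":
    for name, hit in evaluate(SAMPLE_TRACE).items():
        print(f"{'HIT ' if hit else '    '} {name}")
    print("hollowed pids:", hollowed_pids(SAMPLE_TRACE), "benign:", hollowed_pids(BENIGN_TRACE))
```

The ordering constraint in hollowed_pids is what keeps the SetThreadContext signature "suspicious" rather than merely "present": a real trace will contain SetThreadContext from exception dispatch and debugging, and only the full create-suspended, write, redirect, resume chain on the same child distinguishes injection from that noise.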
