Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
08db4f5117bda85baac089a4a67f827f_JaffaCakes118
-
Size
95KB
-
Sample
241002-eyshzs1ajg
-
MD5
08db4f5117bda85baac089a4a67f827f
-
SHA1
80cc4582c535386d39691740a5b7e7ea523cf4bb
-
SHA256
e0de3fbb587da212a1f8e5e97270baab98d74343cd50e387c824e02020a09ae6
-
SHA512
a794328a1cf9a17de965b8484a760122b200537710e530d98d5c8c3d357b172db8de1b413c774c67def4d5aea0713b8fb221151ba6c057c56c3ff70895c17a51
-
SSDEEP
1536:7hhUn6+sUTOdbbepQKRHdhEkv9TZ/XJYmAHgoJBVPwihzcjWrnIXo2:dhCgbKnhv9JgHX1JhBnIXo
Malware Config
Extracted
xtremerat
sherifako.no-ip.biz
Targets
-
-
Target
08db4f5117bda85baac089a4a67f827f_JaffaCakes118
-
Size
95KB
-
MD5
08db4f5117bda85baac089a4a67f827f
-
SHA1
80cc4582c535386d39691740a5b7e7ea523cf4bb
-
SHA256
e0de3fbb587da212a1f8e5e97270baab98d74343cd50e387c824e02020a09ae6
-
SHA512
a794328a1cf9a17de965b8484a760122b200537710e530d98d5c8c3d357b172db8de1b413c774c67def4d5aea0713b8fb221151ba6c057c56c3ff70895c17a51
-
SSDEEP
1536:7hhUn6+sUTOdbbepQKRHdhEkv9TZ/XJYmAHgoJBVPwihzcjWrnIXo2:dhCgbKnhv9JgHX1JhBnIXo
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1