General

  • Target

    08db4f5117bda85baac089a4a67f827f_JaffaCakes118

  • Size

    95KB

  • Sample

    241002-eyshzs1ajg

  • MD5

    08db4f5117bda85baac089a4a67f827f

  • SHA1

    80cc4582c535386d39691740a5b7e7ea523cf4bb

  • SHA256

    e0de3fbb587da212a1f8e5e97270baab98d74343cd50e387c824e02020a09ae6

  • SHA512

    a794328a1cf9a17de965b8484a760122b200537710e530d98d5c8c3d357b172db8de1b413c774c67def4d5aea0713b8fb221151ba6c057c56c3ff70895c17a51

  • SSDEEP

    1536:7hhUn6+sUTOdbbepQKRHdhEkv9TZ/XJYmAHgoJBVPwihzcjWrnIXo2:dhCgbKnhv9JgHX1JhBnIXo

Malware Config

Extracted

Family

xtremerat

C2

sherifako.no-ip.biz

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks