General
-
Target
0d13732471c4f64ab1d8b8a44b77d8b5_JaffaCakes118
-
Size
60KB
-
Sample
241003-anyj2aybph
-
MD5
0d13732471c4f64ab1d8b8a44b77d8b5
-
SHA1
8bd1c9fc5cbad1f0e7228d9c61314e3d35f61afd
-
SHA256
c3f996b1cbd48368089bd0f6437bad8e476275ad7125efd1d33126642ff7cdc1
-
SHA512
e86329956afdf62d61728c53f0af415ecfe0ab0d8cbd46aa6b90c675734fae8b65691d418bb6e76c7b1e080972f8074b6e963e5d74b3121a809dc66a04e395e2
-
SSDEEP
768:q38+6jF/90iYiW1jQU9zKgEFQDqkldnBnibh9fOgKHc9S8YzXBBS8YzXBLzoh8:o3g4v1j1PEFQDqkFibT+zFruFrdoh8
Static task
static1
Behavioral task
behavioral1
Sample
0d13732471c4f64ab1d8b8a44b77d8b5_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0d13732471c4f64ab1d8b8a44b77d8b5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
0d13732471c4f64ab1d8b8a44b77d8b5_JaffaCakes118
-
Score
10/10
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)