General

  • Target

    3f62ab7b6ee72afeead55185c04c4616_JaffaCakes118

  • Size

    81KB

  • Sample

    241013-mq8t1ascph

  • MD5

    3f62ab7b6ee72afeead55185c04c4616

  • SHA1

    df0c6e00a00578e1725273eea97f73d9de832b97

  • SHA256

    af951baf282071dbaa566ed420ed6d7e23ac8c614fa154d6f0069d981c83fd3d

  • SHA512

    a368aff28d3a24eac13a5e84887d5bea9e3209c93249473c478571a69874358310a21bb52644793c9d2d5b7b9866d1578211be58a833fd6867633e4c6e9c3da6

  • SSDEEP

    1536:WG2EnTramCVTJ10e9yhVu6LnuO+riYw7ePFy2y75AMH:WynvBCVTJ10ey0EKz4ztJH

Malware Config

Extracted

Family

xtremerat

C2

ianouar25.zapto.org
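The C2 is a hostname under a free dynamic-DNS zone, so the useful pivot for a defender is the name rather than whatever IP it resolved to during the run. The following is an added example, not tria.ge code: it scans DNS query logs for the extracted C2 and, more generally, flags lookups under dynamic-DNS zones. The log format (Bind-style query log), the list of dynamic-DNS zones, and the sample log lines are all constructed for illustration.

```python
"""Match DNS query logs against the XtremeRAT C2 extracted in this report.

Added example for this report, not tria.ge code. The log line format and
the dynamic-DNS zone list are assumptions, not something the report states.
"""
import re

# C2 hostname from the extracted config above.
C2_HOSTNAMES = {"ianouar25.zapto.org"}

# Assumption: free dynamic-DNS zones commonly abused by RAT operators.
# zapto.org is a No-IP zone; the others are illustrative, extend as needed.
DYNDNS_ZONES = {"zapto.org", "no-ip.org", "no-ip.biz", "hopto.org", "ddns.net"}

# Assumption: Bind-style query log lines of the form
# "client <ip>#<port> (<name>): query: <name> IN <type> ..."
LOG_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\w+)"
)


def classify(qname):
    """Return "c2" for the exact extracted hostname, "dyndns" for any other
    name under a known dynamic-DNS zone, or None."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    if name in C2_HOSTNAMES:
        return "c2"
    # A dynamic-DNS host is <label>.<zone>, so compare the last two labels.
    if len(labels) >= 3 and ".".join(labels[-2:]) in DYNDNS_ZONES:
        return "dyndns"
    return None


def scan(lines):
    """Yield (source_ip, queried_name, verdict) for every log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        verdict = classify(m.group("qname"))
        if verdict:
            hits.append((m.group("src"), m.group("qname").rstrip(".").lower(), verdict))
    return hits


# Constructed sample log lines (not taken from the sandbox run).
SAMPLE_LOG = [
    "13-Oct-2024 12:01:07.118 client 10.0.0.23#51422 (ianouar25.zapto.org): "
    "query: ianouar25.zapto.org IN A + (10.0.0.2)",
    "13-Oct-2024 12:01:09.004 client 10.0.0.23#51423 (www.microsoft.com): "
    "query: www.microsoft.com IN A + (10.0.0.2)",
    "13-Oct-2024 12:02:11.553 client 10.0.0.41#60011 (other-host.hopto.org): "
    "query: other-host.hopto.org IN A + (10.0.0.2)",
]

if __name__ == "__main__":
    for src, name, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:7} {src:15} {name}")
```

A "dyndns" hit on its own is only a lead, since these zones have plenty of legitimate users; the "c2" match on the exact name is the actionable one. Matching is done on the lowercased, trailing-dot-stripped name so that logs that record FQDNs still match.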

Targets

    • Target

      3f62ab7b6ee72afeead55185c04c4616_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
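Two of the checks above can be reproduced locally before a sample is ever detonated: confirming that the file on disk is the one this report describes (hash match) and spotting the stock UPX section names behind the "UPX packed file" signature. The following is an added example, not tria.ge code or a signature from any vendor: a minimal hand-written PE section-table walk (no pefile dependency) plus the hash comparison. The `build_fake_pe` helper constructs a tiny non-executable MZ/PE skeleton as test input; it is not the sample.

```python
"""Check a local file against this report: verify the listed hashes and
look for UPX section names in the PE section table.

Added example for this report, not tria.ge code. The PE walk reads only the
COFF header and section table; it does no further validation.
"""
import hashlib
import struct

# Hashes listed in the report above.
REPORTED = {
    "md5": "3f62ab7b6ee72afeead55185c04c4616",
    "sha1": "df0c6e00a00578e1725273eea97f73d9de832b97",
    "sha256": "af951baf282071dbaa566ed420ed6d7e23ac8c614fa154d6f0069d981c83fd3d",
    "sha512": "a368aff28d3a24eac13a5e84887d5bea9e3209c93249473c478571a69874358310a21bb52644793c9d2d5b7b9866d1578211be58a833fd6867633e4c6e9c3da6",
}


def digests(data):
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED}


def matches_report(data):
    """True only if every listed digest matches; a single mismatch means a
    different file (or a modified copy), not a partial match."""
    return digests(data) == REPORTED


def pe_section_names(data):
    """Return the section names of a PE image, or [] if it is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2)
    # Characteristics(2); the section table follows the optional header.
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]           # Name is the first 8 bytes, NUL padded
        if len(raw) < 8:
            break                         # truncated table, stop quietly
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 (sometimes UPX2). Modified
    builds often rename them, so a False here does not prove the file is
    unpacked; the sandbox signature also covers those variants."""
    return any(n.startswith("UPX") for n in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed test input: a minimal MZ/PE skeleton with a section table
    and an empty optional header. Not executable and not the sample."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(
        n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in section_names
    )
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("matches report:", matches_report(data))
    print("sections:", pe_section_names(data))
    print("UPX section names:", looks_upx_packed(data))
```

Run it as `python check.py <file>` against the downloaded sample; without an argument it runs on the constructed skeleton. The hash check is the authoritative identity test; the section-name check is a cheap first look that the SSDEEP fuzzy hash in the report complements for near-duplicate variants.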

MITRE ATT&CK Enterprise v15

Tasks