General
Target: 445b8009dd362ed5012282d275200d46_JaffaCakes118
Size: 125KB
Sample: 241014-1qspnsybng
MD5: 445b8009dd362ed5012282d275200d46
SHA1: 3f741c7019db0c4ca566f6232e5a1861e33f5ffa
SHA256: abdca7f8c8ab28a92898d3c89bb7288d868545df51802bdf66202255dec3ed09
SHA512: 8ed9ed04c34672094ffb337f93831f20556081ab66e1635c1754f975adeb3f92439a7fba94f0a8eaf735c7726b67bf568643e9f47f956d17e9ccd226fcd9c389
SSDEEP: 3072:wdb4uocLRg9kJU/KRSM+ioQIyoiAhmiOCdiUD2WBB2AYj1HXeG:clR1JU/KRSM+iFIyoiAh7OC4UDxBBx4J
Static task: static1
Behavioral task: behavioral1
Sample: 445b8009dd362ed5012282d275200d46_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
xtremerat
iceop.no-ip.org
Targets
-
-
Target
445b8009dd362ed5012282d275200d46_JaffaCakes118
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Suspicious use of SetThreadContext
-