General

  • Target

    445b8009dd362ed5012282d275200d46_JaffaCakes118

  • Size

    125KB

  • Sample

    241014-1qspnsybng

  • MD5

    445b8009dd362ed5012282d275200d46

  • SHA1

    3f741c7019db0c4ca566f6232e5a1861e33f5ffa

  • SHA256

    abdca7f8c8ab28a92898d3c89bb7288d868545df51802bdf66202255dec3ed09

  • SHA512

    8ed9ed04c34672094ffb337f93831f20556081ab66e1635c1754f975adeb3f92439a7fba94f0a8eaf735c7726b67bf568643e9f47f956d17e9ccd226fcd9c389

  • SSDEEP

    3072:wdb4uocLRg9kJU/KRSM+ioQIyoiAhmiOCdiUD2WBB2AYj1HXeG:clR1JU/KRSM+iFIyoiAh7OC4UDxBBx4J

Malware Config

Extracted

Family

xtremerat

C2

iceop.no-ip.org

Targets

    • Target

      445b8009dd362ed5012282d275200d46_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks