General

  • Target

    4b7459bcdc1972e559f8c9455906797b_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241016-fdpf9stbjd

  • MD5

    4b7459bcdc1972e559f8c9455906797b

  • SHA1

    0c33115ee013d716a53a3645b436093c9bbc0109

  • SHA256

    3027fe888db37881d84337a844d1a33090a7f05ae746d19be9a1caeda268d915

  • SHA512

    ae9df7f7380066021a66d7f77caf4fef3f222f1c90700fbc7041ce404be178096e5f0ee1bb07b08ec1fe0559f6a529aea9b26786c03cc455c78d483cfdb44d76

  • SSDEEP

    24576:xCnCp7eUQYU5q4Ypnx8DpLjGMCyFLjYGCsYFdnocS:xCnCp7d/bHRSd/pVL0S

Malware Config

Extracted

Family

xtremerat

C2

umtakcicek.dyndns.org

Targets

    • Target

      4b7459bcdc1972e559f8c9455906797b_JaffaCakes118

    • Size

      1.1MB

    • MD5

      4b7459bcdc1972e559f8c9455906797b

    • SHA1

      0c33115ee013d716a53a3645b436093c9bbc0109

    • SHA256

      3027fe888db37881d84337a844d1a33090a7f05ae746d19be9a1caeda268d915

    • SHA512

      ae9df7f7380066021a66d7f77caf4fef3f222f1c90700fbc7041ce404be178096e5f0ee1bb07b08ec1fe0559f6a529aea9b26786c03cc455c78d483cfdb44d76

    • SSDEEP

      24576:xCnCp7eUQYU5q4Ypnx8DpLjGMCyFLjYGCsYFdnocS:xCnCp7d/bHRSd/pVL0S

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks