General
-
Target
4b7459bcdc1972e559f8c9455906797b_JaffaCakes118
-
Size
1.1MB
-
Sample
241016-fdpf9stbjd
-
MD5
4b7459bcdc1972e559f8c9455906797b
-
SHA1
0c33115ee013d716a53a3645b436093c9bbc0109
-
SHA256
3027fe888db37881d84337a844d1a33090a7f05ae746d19be9a1caeda268d915
-
SHA512
ae9df7f7380066021a66d7f77caf4fef3f222f1c90700fbc7041ce404be178096e5f0ee1bb07b08ec1fe0559f6a529aea9b26786c03cc455c78d483cfdb44d76
-
SSDEEP
24576:xCnCp7eUQYU5q4Ypnx8DpLjGMCyFLjYGCsYFdnocS:xCnCp7d/bHRSd/pVL0S
Static task
static1
Behavioral task
behavioral1
Sample
4b7459bcdc1972e559f8c9455906797b_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
4b7459bcdc1972e559f8c9455906797b_JaffaCakes118.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
xtremerat
umtakcicek.dyndns.org
Targets
-
Target
4b7459bcdc1972e559f8c9455906797b_JaffaCakes118
-
Score
10/10
-
Detect XtremeRAT payload
-
XtremeRAT
XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Registry Run Keys / Startup Folder (1)