Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e9bd4ca59f4ddcd5787f2632a2564614_JaffaCakes118
-
Size
420KB
-
Sample
241213-eb8xfsxngv
-
MD5
e9bd4ca59f4ddcd5787f2632a2564614
-
SHA1
7df71033066c1e328280f86e90fd558ff00d46bb
-
SHA256
3fb79c5b2136a5343df8e445248c636880659ac3db26585ec0d1e233632b930a
-
SHA512
51d33d942d13f753b319461f0aa80510173599e66d186b24cb57324061518f9577ebeb04bd94b8b84b45d0f90716838c7b12642b4725c4095d09f5b6ad28ddeb
-
SSDEEP
12288:3MhziMCBJJ/FBaESkGKdt5EO8lfCYI1POI+olg+:3MJiMkfdBaESkldzO4mIVz
Behavioral task
behavioral1
Sample
e9bd4ca59f4ddcd5787f2632a2564614_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
xtremerat
franco1.no-ip.org
Targets
-
-
Target
e9bd4ca59f4ddcd5787f2632a2564614_JaffaCakes118
-
Size
420KB
-
MD5
e9bd4ca59f4ddcd5787f2632a2564614
-
SHA1
7df71033066c1e328280f86e90fd558ff00d46bb
-
SHA256
3fb79c5b2136a5343df8e445248c636880659ac3db26585ec0d1e233632b930a
-
SHA512
51d33d942d13f753b319461f0aa80510173599e66d186b24cb57324061518f9577ebeb04bd94b8b84b45d0f90716838c7b12642b4725c4095d09f5b6ad28ddeb
-
SSDEEP
12288:3MhziMCBJJ/FBaESkGKdt5EO8lfCYI1POI+olg+:3MJiMkfdBaESkldzO4mIVz
-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-