General

  • Target

    e9bd4ca59f4ddcd5787f2632a2564614_JaffaCakes118

  • Size

    420KB

  • Sample

    241213-eb8xfsxngv

  • MD5

    e9bd4ca59f4ddcd5787f2632a2564614

  • SHA1

    7df71033066c1e328280f86e90fd558ff00d46bb

  • SHA256

    3fb79c5b2136a5343df8e445248c636880659ac3db26585ec0d1e233632b930a

  • SHA512

    51d33d942d13f753b319461f0aa80510173599e66d186b24cb57324061518f9577ebeb04bd94b8b84b45d0f90716838c7b12642b4725c4095d09f5b6ad28ddeb

  • SSDEEP

    12288:3MhziMCBJJ/FBaESkGKdt5EO8lfCYI1POI+olg+:3MJiMkfdBaESkldzO4mIVz

Malware Config (extracted)

  • Family

    xtremerat

  • C2

    franco1.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
