General

  • Target: f649d629b1ff37e96a2a4c577e45d46f_JaffaCakes118
  • Size: 68KB
  • Sample: 241215-3selyavlgn
  • MD5: f649d629b1ff37e96a2a4c577e45d46f
  • SHA1: 5eb0909d2d1e0a757db0d6e17cac81cd7e9ecf60
  • SHA256: 3364476f3c84f4db553e7c63264222d560e35375c35e6a42b08a8b9166e16a87
  • SHA512: 9f4ecd89a4f79ad69d17ff2316208ce77c802c451fc4827686a39b3dee93f38435a2b98dc9d2c3a8fed21e8e750408204d931a2c8a477f33f38dd6ef94614c2a
  • SSDEEP: 1536:hKMTA+8EZIydsU9Zr42nmqOPA2Z4r/ozJNgiGMshK3:hK+IYH4jqOPLGevgVMss3

Malware Config

Extracted

Family: xtremerat

C2: altagoor.no-ip.biz

Targets

    • Target: f649d629b1ff37e96a2a4c577e45d46f_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks