General

  • Target

    fe17249ee77da62df632a346105e4a2b_JaffaCakes118

  • Size

    364KB

  • Sample

    241219-c1ph1atqgj

  • MD5

    fe17249ee77da62df632a346105e4a2b

  • SHA1

    c1fea128fcaff58c2398cbc23bab4b21eb4760c6

  • SHA256

    0a3f42f1e5872512142ce953ab6f3bb8652b474f8611cda91ff0527099f39ddf

  • SHA512

    6093ba20088acb3d97e000a68f0f643aaf6b1e9d2c2f6af7de427a37ef77f10ebaf13ef1a1f05108a272930eb106e6ab895d266823ddadd04a12361c4630dab3

  • SSDEEP

    3072:ElRFVjaJs2hdfvP+eAP8nFse1cz8VMt5cRDmNlQwKOzoaqTmY6AhP8nFsehdf33O:ElRpe0eZ2z8MtSGRxwy2eZbf3D

Malware Config

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Boot or Logon Autostart Execution: Active Setup (T1547.014)

      Adversaries may achieve persistence by adding a Registry key under the Active Setup of the local machine. Windows runs each component's StubPath command at user logon when the per-user copy of that component is missing or carries an older Version, so a planted component executes once for every user who signs in.

    • Checks computer location settings

      Reads the country/region code configured in the registry, a common geofencing check used to avoid running in certain locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (T1547.001)

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is characteristic of process hollowing and similar injection, where a process is created suspended, its memory replaced, and its entry point redirected before the thread is resumed.
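The two persistence signatures above (Active Setup and Run keys) are easiest to confirm on the analysis VM by exporting the relevant hives with `reg export` and scanning the text. The script below is an added example written for this page; it is not tria.ge code and not derived from the sample. The registry export embedded in it is constructed, the GUIDs are placeholders, and the "user-writable directory" markers used to rate an entry suspicious are an assumed heuristic, not a rule from the report.

```python
"""Find Active Setup and Run-key autostarts in a Windows .reg export.

Added example for the Active Setup (T1547.014) and Run key (T1547.001)
signatures; not tria.ge code. SAMPLE_REG below is constructed, GUIDs are
placeholders, and the _USER_WRITABLE markers are an assumed heuristic.
"""
import re

# Active Setup components live under HKLM; the HKCU copy only records which
# components have already run for that user (compared by Version).
_ACTIVE_SETUP_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Active Setup"
    r"\\Installed Components\\([^\\]+)$", re.IGNORECASE)
_RUN_KEY_RE = re.compile(
    r"^HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft"
    r"\\Windows\\CurrentVersion\\Run(?:Once)?$", re.IGNORECASE)
# "name"=data lines; '@' is the key's default value.
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
# Assumed heuristic: legitimate autostarts rarely point into these locations.
_USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                  "%appdata%", "%localappdata%", "%temp%")


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1]); i += 2
        else:
            out.append(s[i]); i += 1
    return "".join(out)


def _get(values: dict, name: str, default=None):
    """Registry value names are case-insensitive."""
    for k, v in values.items():
        if k.lower() == name.lower():
            return v
    return default


def parse_reg(text: str) -> dict:
    """Parse the .reg subset needed here: [key] headers, "..." strings and
    dword: values. Binary/multi-string values are ignored."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = "(Default)" if m.group(2) else _unescape(m.group(1))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            current[name] = _unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
    return keys


def _in_user_writable(command: str) -> bool:
    c = command.lower()
    return any(marker in c for marker in _USER_WRITABLE)


def find_autostarts(text: str) -> list:
    """Return every Active Setup StubPath and Run-key command in the export."""
    findings = []
    for key, values in parse_reg(text).items():
        m = _ACTIVE_SETUP_RE.match(key)
        if m and isinstance(_get(values, "StubPath"), str):
            stub = _get(values, "StubPath")
            findings.append({"mechanism": "Active Setup", "key": key,
                             "name": m.group(1), "command": stub,
                             # IsInstalled=0 disables the component; absent means enabled.
                             "active": _get(values, "IsInstalled", 1) != 0,
                             "suspicious": _in_user_writable(stub)})
        elif _RUN_KEY_RE.match(key):
            for name, command in values.items():
                if isinstance(command, str):
                    findings.append({"mechanism": "Run key", "key": key,
                                     "name": name, "command": command,
                                     "active": True,
                                     "suspicious": _in_user_writable(command)})
    return findings


def suspicious_autostarts(text: str) -> list:
    return [f for f in find_autostarts(text) if f["active"] and f["suspicious"]]


# Constructed export for demonstration (not from the analysed sample).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000001}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\Microsoft\\svchost.exe"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AAAAAAAA-0000-0000-0000-000000000002}]
"StubPath"="C:\\Users\\victim\\AppData\\Local\\Temp\\old.exe"
"IsInstalled"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\updater.exe"
"""

if __name__ == "__main__":
    for f in find_autostarts(SAMPLE_REG):
        flag = "SUSPICIOUS" if f["active"] and f["suspicious"] else "ok"
        print(f"{flag:10} {f['mechanism']:12} {f['name']}: {f['command']}")
```

Run it over `reg export "HKLM\SOFTWARE\Microsoft\Active Setup" as.reg` plus the Run keys from the detonation VM. Note that an Active Setup component with IsInstalled=0 is reported but not rated active, and that the script does not compare the HKLM Version against the HKCU copy, so an entry that has already fired for the current user is still listed.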

MITRE ATT&CK Enterprise v15

Tasks