General

  • Target

    JaffaCakes118_0f28d9f5713a606bc1bc8554bb9fd694

  • Size

    934KB

  • Sample

    250122-tccyqstnaw

  • MD5

    0f28d9f5713a606bc1bc8554bb9fd694

  • SHA1

    bf56f7f7dd8860e698f58aea2e2e658dbe705008

  • SHA256

    080473b13a294961678932c9b543a55695995da095fbe446d2b7419ba894f618

  • SHA512

    1de48bfe31388cc88d54ac0374f484291b43275991b0ee184febc39c7cb7b9e4aff1e31149e68adc56e63a76f3a41364b1c1f733ce80e3c126984349d08f5091

  • SSDEEP

    24576:0KfWvLrUv+SVuPm+aGkIumDBqQOb2dr5CNiadAWOvja5:RkPUGsu++a2ume4EC5vjk

Malware Config

Extracted

Family

xtremerat

C2

mikropbisey.no-ip.biz

Targets

    • Target

      MSNTRO~1.EXE

    • Size

      1.8MB

    • MD5

      f7fc6598d7256905a765ac27afd68174

    • SHA1

      ad1f67a8ca392711fff9abbfba502c3c4a82d3c8

    • SHA256

      313dc4f22f34f63ae40aa915767fbe693b7cefe8e7040362bfd4a3f7ae12459f

    • SHA512

      31023df4723bcc8ecaa2a90b9e15d31f514cce2a006514704dd6b2a229e5cea85ac0f867b8e6e1fce66f05582edb8e6e0bb2978514009ba28979870b8ee98da7

    • SSDEEP

      24576:GDmCbxoC8hklOCUK9TmRohThgBhhZmHt6iae84BhhZvHXFUf2QS:GN9oCgkE16mSYbQ0pubP1ijS

    • Score

      3/10

    • Target

      msndll.exe

    • Size

      119KB

    • MD5

      444af42eedf1678eba46eb04aa3310dd

    • SHA1

      7e3d7e95820dce4ed0b2775123513fe40463332b

    • SHA256

      438e621864ee31ab757e92ef4e5120d2a8142fcd650d10f992cedfa236ea3064

    • SHA512

      b7656360ff7556589e20bc9dea5fe58dafd1e1ed7546892ce5fbadb84d24a15a234251729272a3730f42a870b8d16e87f52946a657a9272ff92a8dbedebf8d2e

    • SSDEEP

      1536:pOF7+/JyYNWJ85KSUav8lnpmVdhcHgWm1o+Uam5w01yKb:pOFS/IYNWSwSUZmnmAr157m5Z1/

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks