General

  • Target

    JaffaCakes118_2777eb2068f8c7400315a9d4e8f16459

  • Size

    390KB

  • Sample

    250125-c4fp9s1ndw

  • MD5

    2777eb2068f8c7400315a9d4e8f16459

  • SHA1

    5e65cfcecb77e6deef0760b3bbd7268c0ee1121c

  • SHA256

    4ccc6951e5854e0c9d844ce47ceba7fda7b22d34a6f27e90cd0091b3baa64297

  • SHA512

    e10d87ddc7674e58046ff79ef743d21ea9b8b4e7358b1dac893e35bac32b62db413f7a549f4a6625c996a6f80b727b8dcf2bbe8984c8318edc6db1142457c79b

  • SSDEEP

    12288:zF4HINhCuu2lL/kDES/7bwmuq9ec4Vsty:iHKhgOLW/nvc3u

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
