Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_2f57093cab00e56a3681e7f2d945e488
-
Size
70KB
-
Sample
250125-y7eg9sypez
-
MD5
2f57093cab00e56a3681e7f2d945e488
-
SHA1
14f67713920063cbfdddd3ab4f6d187cb45bd09d
-
SHA256
e2a48aecba2f1581badaa6bbb615ab68b991ffb1b3a7b37382b6dcfb4c79da5b
-
SHA512
84d7e0fc0bd837797829463da49717d4dc86dce46174fa8d67d0d5d96dc03f8c953a22e6d748fe956a7957a24ffe5a567bf45a88ec329fd25742dbe7bc3496fd
-
SSDEEP
1536:uhG/WZUDk14d64pFPFXUAXBmW8P6q4HFe:E8kyTPXUAXwW8P6qos
Malware Config
Extracted
xtremerat
iko.no-ip.org
Targets
-
-
Target
JaffaCakes118_2f57093cab00e56a3681e7f2d945e488
-
Size
70KB
-
MD5
2f57093cab00e56a3681e7f2d945e488
-
SHA1
14f67713920063cbfdddd3ab4f6d187cb45bd09d
-
SHA256
e2a48aecba2f1581badaa6bbb615ab68b991ffb1b3a7b37382b6dcfb4c79da5b
-
SHA512
84d7e0fc0bd837797829463da49717d4dc86dce46174fa8d67d0d5d96dc03f8c953a22e6d748fe956a7957a24ffe5a567bf45a88ec329fd25742dbe7bc3496fd
-
SSDEEP
1536:uhG/WZUDk14d64pFPFXUAXBmW8P6q4HFe:E8kyTPXUAXwW8P6qos
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1