
General

  • Target: JaffaCakes118_2f57093cab00e56a3681e7f2d945e488
  • Size: 70KB
  • Sample: 250125-y7eg9sypez
  • MD5: 2f57093cab00e56a3681e7f2d945e488
  • SHA1: 14f67713920063cbfdddd3ab4f6d187cb45bd09d
  • SHA256: e2a48aecba2f1581badaa6bbb615ab68b991ffb1b3a7b37382b6dcfb4c79da5b
  • SHA512: 84d7e0fc0bd837797829463da49717d4dc86dce46174fa8d67d0d5d96dc03f8c953a22e6d748fe956a7957a24ffe5a567bf45a88ec329fd25742dbe7bc3496fd
  • SSDEEP: 1536:uhG/WZUDk14d64pFPFXUAXBmW8P6q4HFe:E8kyTPXUAXwW8P6qos

Malware Config

Extracted

  • Family: xtremerat
  • C2: iko.no-ip.org

Targets

    • Target: JaffaCakes118_2f57093cab00e56a3681e7f2d945e488
    • Size: 70KB


    • Detect XtremeRAT payload
    • XtremeRAT
      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
    • Xtremerat family
    • Boot or Logon Autostart Execution: Active Setup
      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • UPX packed file
      Detects executables packed with UPX or a modified UPX open-source packer.

MITRE ATT&CK Enterprise v15

Tasks