General

  • Target

    JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca

  • Size

    4.2MB

  • Sample

    250126-d5fx4askbn

  • MD5

    322bf28a650ec5e79f2cb95cbcf408ca

  • SHA1

    4a9701ad3d0c2a8490aeb9492d048be802531169

  • SHA256

    1bb6741552bbf2b53356efb52972f7553eef5715bc5991d95341825df413bc91

  • SHA512

    4e27a345b2523391e6dcc7ca080b799aea8c42cfedbfd2317db43a887f26e6a7e35dbef60a90071d2ff5ed72fa1a3bc8feea9017786d600d1e25edf83187387c

  • SSDEEP

    98304:uFDx9x4c8hIQ4ziSqKW/B0qOnCe4fPtAZkLl+n2:Axkc8mQ429KWJ0qaK3tAZzn2

Malware Config

Extracted

Family

xtremerat

C2

danny.no-ip.org

Targets

    • Target

      JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
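
The extracted config and the behavioural signatures above, turned into triage checks over a constructed sandbox event log. This is an added example, not tria.ge's own signature logic or report output: the event format, the registry value names behind "Checks computer location settings", the dropped file path, and the reading of SetThreadContext as the process-hollowing sequence (CreateProcess suspended, WriteProcessMemory, SetThreadContext, ResumeThread) are assumptions; the hashes and C2 domain are copied from the report.

```python
"""Triage rules for the IOCs and behaviours in this report, run over a
constructed sandbox event log (example code, not tria.ge output)."""
import re

# IOCs copied from the report above.
IOC_HASHES = {
    "md5": "322bf28a650ec5e79f2cb95cbcf408ca",
    "sha1": "4a9701ad3d0c2a8490aeb9492d048be802531169",
    "sha256": "1bb6741552bbf2b53356efb52972f7553eef5715bc5991d95341825df413bc91",
}
IOC_C2 = {"danny.no-ip.org"}

# Assumption: the "location settings" check reads one of these values;
# the report does not name the registry key.
GEO_KEYS = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry|iCountry)$", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed events in execution order: (event type, fields).
# The System32 path and pid are hypothetical.
SAMPLE_EVENTS = [
    ("file_hash", {"path": "C:\\Users\\user\\Desktop\\sample.exe",
                   "sha256": IOC_HASHES["sha256"]}),
    ("registry_read", {"key": "HKCU\\Control Panel\\International\\Geo\\Nation"}),
    ("api", {"name": "CreateProcessW", "args": {"flags": 0x4}, "ret": {"pid": 1234}}),
    ("api", {"name": "WriteProcessMemory", "args": {"pid": 1234}}),
    ("api", {"name": "SetThreadContext", "args": {"pid": 1234}}),
    ("api", {"name": "ResumeThread", "args": {"pid": 1234}}),
    ("file_write", {"path": "C:\\Windows\\System32\\svchost.exe"}),
    ("dns", {"query": "danny.no-ip.org"}),
    ("dns", {"query": "time.windows.com"}),
]


def hollowing_chain(events):
    """Return pids where SetThreadContext follows CreateProcess(CREATE_SUSPENDED)
    and WriteProcessMemory on the same pid and is followed by ResumeThread.
    Assumption: this classic hollowing sequence is why the call is flagged;
    a lone SetThreadContext (e.g. from a debugger) would not match."""
    state = {}  # pid -> stages seen so far
    hits = []
    for kind, f in events:
        if kind != "api":
            continue
        name = f["name"]
        if name.startswith("CreateProcess") and f["args"].get("flags", 0) & CREATE_SUSPENDED:
            state[f["ret"]["pid"]] = {"suspended"}
        pid = f["args"].get("pid")
        if pid in state:
            stages = state[pid]
            if name == "WriteProcessMemory":
                stages.add("written")
            elif name == "SetThreadContext" and "written" in stages:
                stages.add("context")
            elif name == "ResumeThread" and "context" in stages:
                hits.append(pid)
    return hits


def triage(events):
    """Apply every rule and return (signature name, detail) pairs."""
    findings = []
    for kind, f in events:
        if kind == "file_hash":
            for alg, val in IOC_HASHES.items():
                if f.get(alg, "").lower() == val:
                    findings.append(("Known XtremeRAT sample (%s)" % alg, f["path"]))
        elif kind == "registry_read" and GEO_KEYS.search(f["key"]):
            findings.append(("Checks computer location settings", f["key"]))
        elif kind == "file_write" and SYSTEM32.match(f["path"]):
            findings.append(("Drops file in System32 directory", f["path"]))
        elif kind == "dns" and f["query"].lower() in IOC_C2:
            findings.append(("XtremeRAT C2 lookup", f["query"]))
    for pid in hollowing_chain(events):
        findings.append(("Suspicious use of SetThreadContext", "pid %d" % pid))
    return findings


if __name__ == "__main__":
    for name, detail in triage(SAMPLE_EVENTS):
        print("%-40s %s" % (name, detail))
```

The hash match only fires on the exact file hashed in the report; the behavioural rules are what catch a repacked build, which is why the sequence check on SetThreadContext is stateful per pid rather than a match on the API name alone.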

MITRE ATT&CK Enterprise v15

Tasks