General
- Target: JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca
- Size: 4.2MB
- Sample: 250126-d5fx4askbn
- MD5: 322bf28a650ec5e79f2cb95cbcf408ca
- SHA1: 4a9701ad3d0c2a8490aeb9492d048be802531169
- SHA256: 1bb6741552bbf2b53356efb52972f7553eef5715bc5991d95341825df413bc91
- SHA512: 4e27a345b2523391e6dcc7ca080b799aea8c42cfedbfd2317db43a887f26e6a7e35dbef60a90071d2ff5ed72fa1a3bc8feea9017786d600d1e25edf83187387c
- SSDEEP: 98304:uFDx9x4c8hIQ4ziSqKW/B0qOnCe4fPtAZkLl+n2:Axkc8mQ429KWJ0qaK3tAZzn2
Static task: static1
Behavioral task: behavioral1
- Sample: JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca.exe
- Resource: win10v2004-20241007-en
Malware Config
- Extracted: xtremerat
- danny.no-ip.org
Targets
- Target: JaffaCakes118_322bf28a650ec5e79f2cb95cbcf408ca (size and hashes as listed under General)
- Score: 10/10
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
- Suspicious use of SetThreadContext