General
Target: JaffaCakes118_3d05891769c17017cb8819e4af1c24f1
Size: 1.4MB
Sample: 250127-hqmvbaxpfk
MD5: 3d05891769c17017cb8819e4af1c24f1
SHA1: 82b71d9e38dbfeb9d8ddb584747543eaef17904e
SHA256: e40774bc78dc9783c7958a77d1e0cb99a9b89637f1a2f337ef78f906923128e3
SHA512: b65f75f97149bd28dbddd91951ad1002d8289cc979150acbb3658e26d0646dba30950e5d0f5962d943fe739ca9c219e0f81dbaf258d913dcb4774cf5e2db189a
SSDEEP: 24576:iVFznbdlk046n4/As1QFeH/kfqnWaDYd2La8eQIQKHfAnmudwPMfRRIq9m6usPnd:cFzDHeaqWUYQLTI41dYMDIPn
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_3d05891769c17017cb8819e4af1c24f1.exe
Resource: win7-20241010-en
Malware Config
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.
- Xtremerat family
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings. Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence: Boot or Logon Autostart Execution (2): Active Setup (1), Registry Run Keys / Startup Folder (1)
Privilege Escalation: Boot or Logon Autostart Execution (2): Active Setup (1), Registry Run Keys / Startup Folder (1)