Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_716d1f796cfb2342d03792d26f3444ac
-
Size
144KB
-
Sample
250313-t58wwazqs4
-
MD5
716d1f796cfb2342d03792d26f3444ac
-
SHA1
a4a98cdc4d8d1209330b8679368583bf98420686
-
SHA256
59460b605ee098a300f931ba13824e18bc9b823404280a83bf4d52d17b66a6bf
-
SHA512
73fe6aa9b87ffccbc9446a55e517a83fccbc4a1eb82fe9ee7cf3a19a5c8add750cb8f2bc1b695a7038c4e1e0491aaff9d2b5767e67813c18e66b5ccab8da9783
-
SSDEEP
1536:F+/wpnnRxGdrth3sncq1w/v7EWaDOcys9iJvSAykRXFIFuV2dHpnnRxGdbz:F+/wpnnODhccgGhclbq7V2dHpnnOZ
Malware Config
Extracted
xtremerat
benzouine.no-ip.biz
Targets
-
-
Target
JaffaCakes118_716d1f796cfb2342d03792d26f3444ac
-
Size
144KB
-
MD5
716d1f796cfb2342d03792d26f3444ac
-
SHA1
a4a98cdc4d8d1209330b8679368583bf98420686
-
SHA256
59460b605ee098a300f931ba13824e18bc9b823404280a83bf4d52d17b66a6bf
-
SHA512
73fe6aa9b87ffccbc9446a55e517a83fccbc4a1eb82fe9ee7cf3a19a5c8add750cb8f2bc1b695a7038c4e1e0491aaff9d2b5767e67813c18e66b5ccab8da9783
-
SSDEEP
1536:F+/wpnnRxGdrth3sncq1w/v7EWaDOcys9iJvSAykRXFIFuV2dHpnnRxGdbz:F+/wpnnODhccgGhclbq7V2dHpnnOZ
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1