Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_733471c3d5b4c8c9ffa1f297a1580b81
-
Size
240KB
-
Sample
250314-erw8lavpy4
-
MD5
733471c3d5b4c8c9ffa1f297a1580b81
-
SHA1
be7d3f349088fe2c037ec5c6615258b51cc278de
-
SHA256
bde0d86e12cd476d831f1d49b86d052cb65cc1f5a587546e5a5278128fa2f509
-
SHA512
f97f99b09ec0fc30339fe458b8ef5d10b9ce33427aa95ea5d1a1e18b16a06dad8952223e6dbdfca94bac0300dd28ba30e816bffaa896b7ab754a0852a0d2f66e
-
SSDEEP
6144:f2+Iw/+wPdcberXheb891Y/FBZtHt8F3VSnUO3RzfTDB:fww/y12CdBZtN8FsnUO3RzbDB
Malware Config
Targets
-
-
Target
JaffaCakes118_733471c3d5b4c8c9ffa1f297a1580b81
-
Size
240KB
-
MD5
733471c3d5b4c8c9ffa1f297a1580b81
-
SHA1
be7d3f349088fe2c037ec5c6615258b51cc278de
-
SHA256
bde0d86e12cd476d831f1d49b86d052cb65cc1f5a587546e5a5278128fa2f509
-
SHA512
f97f99b09ec0fc30339fe458b8ef5d10b9ce33427aa95ea5d1a1e18b16a06dad8952223e6dbdfca94bac0300dd28ba30e816bffaa896b7ab754a0852a0d2f66e
-
SSDEEP
6144:f2+Iw/+wPdcberXheb891Y/FBZtHt8F3VSnUO3RzfTDB:fww/y12CdBZtN8FsnUO3RzbDB
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1