Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_87506a19aead75c0b614330b9d456fda
-
Size
469KB
-
Sample
250323-r4w5kstxdz
-
MD5
87506a19aead75c0b614330b9d456fda
-
SHA1
338f2e5b6f5f4f8015e870290c3f6f2e912aaf77
-
SHA256
76fa774c95aed4945d297b3892c6e2f338756de7a2315024b6f22cc9aca03c9d
-
SHA512
f16b851c5805bedb1afa5b378684b1523eec1a86fed88e0aa96773580c987ef29318d776de7ee682177be8a5c7f7224b154495ce2e9ef06026dffc3ffaebef5b
-
SSDEEP
12288:E2jy4n/JlI91veibKY5q2apD7RYfBJGTBzLhCygdeI:E2m4x+fFp5PapSZQ5VaeI
Malware Config
Extracted
xtremerat
franco800.no-ip.org
Targets
-
-
Target
JaffaCakes118_87506a19aead75c0b614330b9d456fda
-
Size
469KB
-
MD5
87506a19aead75c0b614330b9d456fda
-
SHA1
338f2e5b6f5f4f8015e870290c3f6f2e912aaf77
-
SHA256
76fa774c95aed4945d297b3892c6e2f338756de7a2315024b6f22cc9aca03c9d
-
SHA512
f16b851c5805bedb1afa5b378684b1523eec1a86fed88e0aa96773580c987ef29318d776de7ee682177be8a5c7f7224b154495ce2e9ef06026dffc3ffaebef5b
-
SSDEEP
12288:E2jy4n/JlI91veibKY5q2apD7RYfBJGTBzLhCygdeI:E2m4x+fFp5PapSZQ5VaeI
Score10/10-
Detect XtremeRAT payload
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Xtremerat family
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-