General

  • Target

    a65a82ed88abf5947bb05be0d94a7bd3_JaffaCakes118

  • Size

    172KB

  • Sample

    241127-g2lwqa1pc1

  • MD5

    a65a82ed88abf5947bb05be0d94a7bd3

  • SHA1

    8f26d74d6c7a1de127a5e75345923f7c9228d1e3

  • SHA256

    6d7016ecfc5bf9d99739b073b7e117e064e3522ba3e92951259db073ab235e1b

  • SHA512

    3605c24b9d94802a47c95bb8279dcf3dae2fb7297eca1a72bad4a7faf8b6c3b61a8c5b7a2408eec5303cc4c221f7f08acaf5494f8a0a60a5fc1b15648e15e147

  • SSDEEP

    3072:uN+4BFpqVID5fAxjaRD7jFfW0w9ZFbDYbT91VsCKtLRPHqWdyKLM7wR:uU4hjVvdXFfuZRDY3VstPH9dk7wR

Malware Config

Targets

    • Target

      a65a82ed88abf5947bb05be0d94a7bd3_JaffaCakes118

    • Size

      172KB

    • MD5

      a65a82ed88abf5947bb05be0d94a7bd3

    • SHA1

      8f26d74d6c7a1de127a5e75345923f7c9228d1e3

    • SHA256

      6d7016ecfc5bf9d99739b073b7e117e064e3522ba3e92951259db073ab235e1b

    • SHA512

      3605c24b9d94802a47c95bb8279dcf3dae2fb7297eca1a72bad4a7faf8b6c3b61a8c5b7a2408eec5303cc4c221f7f08acaf5494f8a0a60a5fc1b15648e15e147

    • SSDEEP

      3072:uN+4BFpqVID5fAxjaRD7jFfW0w9ZFbDYbT91VsCKtLRPHqWdyKLM7wR:uU4hjVvdXFfuZRDY3VstPH9dk7wR

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks