General

  • Target

    db6335cd97bfb7827eef58389406da34_JaffaCakes118

  • Size

    449KB

  • Sample

    241209-y7m5eaznav

  • MD5

    db6335cd97bfb7827eef58389406da34

  • SHA1

    bf890f4796b84b0a43b52e14cb176cbfb6824b99

  • SHA256

    e3a7576bcf3c4dbe622fee504f227b9277464a2052ec949f152da4217149f0ce

  • SHA512

    e803210608f6093b373d1f2cf2519a8a327ca008c506dab10854963302c0a8ac381ce13992d6c5813aef84dd9b3c0fb508f5501bd535977d70618327d222e314

  • SSDEEP

    12288:lxUI/vUesMeC+IuUZXkqG6zuNyYyPVTmCZFAbW:lxUovUeT+XUZXFuNyYyhHAy

Malware Config

Targets

    • Target

      conhost.txt

    • Size

      170KB

    • MD5

      7ac38de1d2bbed88a7a11e015d12a2a6

    • SHA1

      661e558267e5b301e0df29e88ff12a3d783353d7

    • SHA256

      81ba9b2a1b6cb4955eaa2e98181c0857f5debadf0c2c5db6c73edbebbf5a61ae

    • SHA512

      c02a29345ea4898f5f0b98b3f08558adb0e9cfd681ff1be1979a672005f83107f8b1ede6623719fd9417fb9e8ed42ff9ceac10060ef360a7818959feaef94906

    • SSDEEP

      3072:+YahorLVDXDnvSUldxcNsplALB+VvcS2lagG2ranXx/WU5kqlZJ5tV4fd6hRH:+Do3VDfZcOLAF+Vv2wH2raXpWy5rVwy

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Target

      csrss.txt

    • Size

      192KB

    • MD5

      864a00dc8fb5fa5e012db37c02bc7885

    • SHA1

      53e852f83632668b9d20a43014dce5e13b1ce9c9

    • SHA256

      c1139525258f7bb519b02a7969a5c1a3494c084b73e3bbb7cda82587237a7cfe

    • SHA512

      37b7bd106ef023eaf2de0e7fee16439db360e162bf33e6308c726cae26350785577f38eca2637f4853000fb7ffeef94e1671a0918d3f6edabd866d7e0550d9c7

    • SSDEEP

      3072:eJ0idJvZLj1PC6XdOjQ93uoRCMqimiFCUoaN0CZSQBc5T+B7blSH70f0nA:9iDZLj1aAQjExnaQCHHQBcYR8H4g

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Target

      dwm.txt

    • Size

      176KB

    • MD5

      e767c8cc82455adeb3449c6f4b52eecf

    • SHA1

      96ae33d589e81d7732bddd480165712e593619a6

    • SHA256

      ab1bc691bfbe5f8bb76938bcf024678dc8505dcd4c0cc811d6db5eb0f5174537

    • SHA512

      914192a5c92c1aac13d3e726ba7c512dc8cd8f34b98809b1d56ada8382f3e39219cd043404472e02e98ceb590d3a0456d76c051edaa19e9cf0e15f6e23f4398a

    • SSDEEP

      3072:ZyMyARFdjQh68vOj+OdgHzMC5oWQWqGbItt7QPL+aD1L4K:ZyMy68Q+OdqZoWzbktJQzXD1kK

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.
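Two of the signatures above, "Adds Run key to start application" and "Modifies WinLogon for persistence", describe registry changes that can be checked on a host with `reg query`. The following is an added example, not code from the tria.ge report or the Cycbot sample: it parses the text that `reg query <key> /s` prints and flags Run entries whose image lives in a user-writable directory (ATT&CK T1547.001) and Winlogon Shell/Userinit values that differ from their stock contents (ATT&CK T1547.004). The registry dump embedded in the block is constructed for the example; its value names and paths are not taken from the sample.

```python
"""Triage of Run-key and Winlogon persistence from `reg query` output.

Added example, not part of the sandbox report. SAMPLE_REG_QUERY is a
constructed dump; the paths in it are illustrative, not observed data.
"""
import re

# Locations a standard user can write to; a Run entry pointing here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")
# Stock Winlogon values (compared case-insensitively, trailing comma ignored).
WINLOGON_DEFAULTS = {"shell": "explorer.exe",
                     "userinit": "c:\\windows\\system32\\userinit.exe"}


def parse_reg_query(text):
    """Parse `reg query <key> /s` text into {key: {value_name: (type, data)}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):            # key lines are not indented
            current = line.strip()
            keys[current] = {}
        elif current is not None:               # value lines: name, type, data
            parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
            if len(parts) == 3:
                keys[current][parts[0]] = (parts[1], parts[2])
    return keys


def image_path(command):
    """First token of a command line: the quoted path, or text up to the first space."""
    m = re.match(r'"([^"]+)"|(\S+)', command.strip())
    return (m.group(1) or m.group(2)) if m else command


def find_persistence(text):
    """Return (technique, key, value_name, data) for each suspicious entry."""
    findings = []
    for key, values in parse_reg_query(text).items():
        lkey = key.lower()
        if lkey.endswith(RUN_KEYS):
            for name, (_, data) in values.items():
                path = image_path(data).lower()
                if any(marker in path for marker in USER_WRITABLE):
                    findings.append(("T1547.001", key, name, data))
        elif lkey.endswith("\\winlogon"):
            for name, (_, data) in values.items():
                expected = WINLOGON_DEFAULTS.get(name.lower())
                if expected and data.strip().lower().rstrip(",") != expected:
                    findings.append(("T1547.004", key, name, data))
    return findings


# Constructed `reg query /s` output: one benign Run entry, one Run entry in
# AppData, and a Winlogon Shell value with an extra program appended.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Agent       REG_SZ    "C:\Program Files\Vendor\agent.exe" /silent
    Updater     REG_SZ    C:\Users\user\AppData\Roaming\Microsoft\updater.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    AutoRestartShell    REG_DWORD    0x1
    Shell               REG_SZ       explorer.exe,C:\Users\user\AppData\Roaming\Microsoft\updater.exe
    Userinit            REG_SZ       C:\Windows\system32\userinit.exe,
"""

if __name__ == "__main__":
    for technique, key, name, data in find_persistence(SAMPLE_REG_QUERY):
        print(f"{technique}  {key}\\{name} = {data}")
```

The user-writable heuristic is deliberately broad: per-user installers (browsers, chat clients) also live under AppData, so pair it with an allowlist or a signature check before acting on a hit. The Winlogon comparison is the stronger signal; Shell and Userinit should match a clean host exactly, and anything appended after `explorer.exe` or `userinit.exe,` runs at every interactive logon.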
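The "UPX packed file" signature that fires on all three dropped files rests on structural traits of a UPX-packed PE: stock UPX names its sections UPX0/UPX1 (UPX2 when resources are kept), leaves the first section with a large virtual size and no raw data, and stores the compressed image in one high-entropy section. The block below is an added example, not code from the report or from UPX itself: a minimal PE section-table parser that checks those three indicators, so that a renamed-section build (the "modified UPX" case) is still caught by the second and third. The PE images it inspects are constructed in memory with the helper `build_pe` (an assumption of the example, not a real tool); they are not the files from the report.

```python
"""Structural UPX indicators from the PE section table.

Added example, not part of the sandbox report. build_pe() constructs
minimal PE32 images for the demonstration; no real sample is parsed.
"""
import math
import random
import struct

SECTION_HEADER_SIZE = 40


def parse_sections(data):
    """Walk the PE section table and return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, optsize, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + optsize
    sections = []
    for i in range(nsections):
        name, vsize, _vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + i * SECTION_HEADER_SIZE)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_size": vsize, "raw_size": rawsize,
                         "raw_offset": rawptr, "characteristics": chars})
    return sections


def shannon_entropy(buf):
    """Bits per byte; compressed or encrypted data sits close to the 8.0 ceiling."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data):
    sections = parse_sections(data)
    names = [s["name"] for s in sections]
    # Indicator 1: stock UPX section names.
    upx_names = any(n.startswith("UPX") for n in names)
    # Indicator 2: first section is the unpack area (virtual size, zero raw size).
    empty_first = (bool(sections) and sections[0]["raw_size"] == 0
                   and sections[0]["virtual_size"] > 0)
    # Indicator 3: the largest section on disk is high-entropy (the packed image).
    largest = max(sections, key=lambda s: s["raw_size"], default=None)
    entropy = 0.0
    if largest and largest["raw_size"]:
        start = largest["raw_offset"]
        entropy = shannon_entropy(data[start:start + largest["raw_size"]])
    return {"section_names": names, "upx_section_names": upx_names,
            "empty_first_section": empty_first,
            "max_section_entropy": round(entropy, 2),
            # A renamed build loses indicator 1 but normally keeps 2 and 3.
            "likely_upx": upx_names or (empty_first and entropy > 7.0)}


def build_pe(spec):
    """Construct a minimal PE32 image from [(section_name, virtual_size, raw_bytes), ...]."""
    n, optsize = len(spec), 224
    header_len = 64 + 4 + 20 + optsize + n * SECTION_HEADER_SIZE
    raw_start = -(-header_len // 512) * 512        # round headers up to file alignment
    image = bytearray(raw_start)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 64)         # e_lfanew -> PE signature at 64
    image[64:68] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", image, 68, 0x14C, n, 0, 0, 0, optsize, 0x0102)
    struct.pack_into("<H", image, 88, 0x10B)        # PE32 optional-header magic
    body, offset = bytearray(), raw_start
    for i, (name, vsize, raw) in enumerate(spec):
        struct.pack_into("<8sIIIIIIHHI", image, 88 + optsize + i * SECTION_HEADER_SIZE,
                         name.encode().ljust(8, b"\0"), vsize, 0x1000 * (i + 1),
                         len(raw), offset if raw else 0, 0, 0, 0, 0, 0xE0000020)
        body += raw
        offset += len(raw)
    return bytes(image + body)


# Constructed section contents: pseudo-random bytes stand in for compressed code,
# a repeated instruction pattern stands in for ordinary .text.
_rng = random.Random(1)
HIGH_ENTROPY = bytes(_rng.getrandbits(8) for _ in range(4096))
PLAIN_CODE = b"\x55\x8b\xec\x83\xec\x10" * 400

PACKED = build_pe([("UPX0", 0x20000, b""), ("UPX1", 0x8000, HIGH_ENTROPY), (".rsrc", 0x1000, b"\0" * 512)])
RENAMED = build_pe([(".text", 0x20000, b""), (".rdata", 0x8000, HIGH_ENTROPY)])
CLEAN = build_pe([(".text", 0x2000, PLAIN_CODE), (".data", 0x1000, b"\0" * 512)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, upx_indicators(img))
```

Section names are the cheapest check and the easiest to strip, which is why the signature text says "UPX/modified UPX": the empty first section and the entropy of the packed body survive a rename, while a plain compiled binary fails both. For a real file, pass `open(path, "rb").read()` to `upx_indicators`; a hit is a reason to unpack and hash the inner image before comparing it with the report's hashes, not a family verdict on its own.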

MITRE ATT&CK Enterprise v15
