General

  • Target

    db6335cd97bfb7827eef58389406da34_JaffaCakes118

  • Size

    449KB

  • Sample

    241209-y7m5eaznav

  • MD5

    db6335cd97bfb7827eef58389406da34

  • SHA1

    bf890f4796b84b0a43b52e14cb176cbfb6824b99

  • SHA256

    e3a7576bcf3c4dbe622fee504f227b9277464a2052ec949f152da4217149f0ce

  • SHA512

    e803210608f6093b373d1f2cf2519a8a327ca008c506dab10854963302c0a8ac381ce13992d6c5813aef84dd9b3c0fb508f5501bd535977d70618327d222e314

  • SSDEEP

    12288:lxUI/vUesMeC+IuUZXkqG6zuNyYyPVTmCZFAbW:lxUovUeT+XUZXFuNyYyhHAy

Malware Config

Targets

    • Target

      conhost.txt

    • Size

      170KB

    • MD5

      7ac38de1d2bbed88a7a11e015d12a2a6

    • SHA1

      661e558267e5b301e0df29e88ff12a3d783353d7

    • SHA256

      81ba9b2a1b6cb4955eaa2e98181c0857f5debadf0c2c5db6c73edbebbf5a61ae

    • SHA512

      c02a29345ea4898f5f0b98b3f08558adb0e9cfd681ff1be1979a672005f83107f8b1ede6623719fd9417fb9e8ed42ff9ceac10060ef360a7818959feaef94906

    • SSDEEP

      3072:+YahorLVDXDnvSUldxcNsplALB+VvcS2lagG2ranXx/WU5kqlZJ5tV4fd6hRH:+Do3VDfZcOLAF+Vv2wH2raXpWy5rVwy

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      csrss.txt

    • Size

      192KB

    • MD5

      864a00dc8fb5fa5e012db37c02bc7885

    • SHA1

      53e852f83632668b9d20a43014dce5e13b1ce9c9

    • SHA256

      c1139525258f7bb519b02a7969a5c1a3494c084b73e3bbb7cda82587237a7cfe

    • SHA512

      37b7bd106ef023eaf2de0e7fee16439db360e162bf33e6308c726cae26350785577f38eca2637f4853000fb7ffeef94e1671a0918d3f6edabd866d7e0550d9c7

    • SSDEEP

      3072:eJ0idJvZLj1PC6XdOjQ93uoRCMqimiFCUoaN0CZSQBc5T+B7blSH70f0nA:9iDZLj1aAQjExnaQCHHQBcYR8H4g

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      dwm.txt

    • Size

      176KB

    • MD5

      e767c8cc82455adeb3449c6f4b52eecf

    • SHA1

      96ae33d589e81d7732bddd480165712e593619a6

    • SHA256

      ab1bc691bfbe5f8bb76938bcf024678dc8505dcd4c0cc811d6db5eb0f5174537

    • SHA512

      914192a5c92c1aac13d3e726ba7c512dc8cd8f34b98809b1d56ada8382f3e39219cd043404472e02e98ceb590d3a0456d76c051edaa19e9cf0e15f6e23f4398a

    • SSDEEP

      3072:ZyMyARFdjQh68vOj+OdgHzMC5oWQWqGbItt7QPL+aD1L4K:ZyMy68Q+OdqZoWzbktJQzXD1kK

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks