General
-
Target
f8791cd1534ff1bdee355b251eb14761_JaffaCakes118
-
Size
278KB
-
Sample
241216-lzcmgswpcp
-
MD5
f8791cd1534ff1bdee355b251eb14761
-
SHA1
1e8b28ef99fe1867b84b5e415c639405f8422339
-
SHA256
5b21f602ef96da6394a1731f5c93267a86f86f3b0b6bf95e59f8ce6ea500297d
-
SHA512
9cbb00a854da863aa3cbbe9f818360ad89da13d978ef9ecf637ce7293e1b0dbd69dd35f2bfff1c0caa3d0a120003b635ae6e4543bff72c6e2fd91f9ffa71fe93
-
SSDEEP
6144:426dfYFuJqqNqo8E6i4kxnYAXfqXLwEHbYoSckT4Au6ZGR/fm7QEU:jgDYqL2kxnYAUvxk0Au6c+K
Malware Config
Targets
-
-
Target
f8791cd1534ff1bdee355b251eb14761_JaffaCakes118
-
Size
278KB
-
MD5
f8791cd1534ff1bdee355b251eb14761
-
SHA1
1e8b28ef99fe1867b84b5e415c639405f8422339
-
SHA256
5b21f602ef96da6394a1731f5c93267a86f86f3b0b6bf95e59f8ce6ea500297d
-
SHA512
9cbb00a854da863aa3cbbe9f818360ad89da13d978ef9ecf637ce7293e1b0dbd69dd35f2bfff1c0caa3d0a120003b635ae6e4543bff72c6e2fd91f9ffa71fe93
-
SSDEEP
6144:426dfYFuJqqNqo8E6i4kxnYAXfqXLwEHbYoSckT4Au6ZGR/fm7QEU:jgDYqL2kxnYAUvxk0Au6c+K
Score10/10-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence
-
Pony family
-
Pony,Fareit
Pony is a Remote Access Trojan application that steals information.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-