General

  • Target

    f94050e6245132ac6fbffc77d5955f4d_JaffaCakes118

  • Size

    192KB

  • Sample

    241217-3ladmstphk

  • MD5

    f94050e6245132ac6fbffc77d5955f4d

  • SHA1

    5ea83c94f4f617682fafc192c9e368f2f5e427ac

  • SHA256

    5dae77a0cb286a0ed1e430bdc78c4bd986f3217a3d1c7413997a71b455071c56

  • SHA512

    ed63c3e006836e19ec19edd55859107d87df65333e8d70acc9d255ebe153cc90a1a64ca2cc375891a9dd5d4fad217a77d1be1b7e543a492697470077a08ae9f9

  • SSDEEP

    3072:rKtHuR794y5aCsHXeuuISPXS7hlIzF0jEA21tiNuvR17doa3pOR2vLadLduFwa7O:rKtHY79J5anHXPu9S0zFM9M0NuvRnL3m

Malware Config

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks