General

  • Target

    JaffaCakes118_566d88e98da3373ba9557b12de8501a2

  • Size

    374KB

  • Sample

    250115-n82dbaskcv

  • MD5

    566d88e98da3373ba9557b12de8501a2

  • SHA1

    f68e52f58771bc43168ba1e5e9d537ae3930f80a

  • SHA256

    2079cf9eb463446cad53a3aba777a89fb294ec241c6ee7d7420e86ad0d1b8ccf

  • SHA512

    c7cf2566c94aab23af81ced0e82f878528b57ee368b5225d1b33375782dc1d20fd8046d56c9e9574712630b45bcaeaf90c2fdfcae36dcc379bf4ab8d3449c625

  • SSDEEP

    6144:eePTB3Sg84KMW34WchSO3YlRfJrpwPUIknT5j01rldtRvtY39vxEJgO:lBiPMWQSO3kRRJ3Td0nVt2BnO

Malware Config

Targets

    • Target

      JaffaCakes118_566d88e98da3373ba9557b12de8501a2

    • Size

      374KB

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks