Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_566d88e98da3373ba9557b12de8501a2
-
Size
374KB
-
Sample
250115-n82dbaskcv
-
MD5
566d88e98da3373ba9557b12de8501a2
-
SHA1
f68e52f58771bc43168ba1e5e9d537ae3930f80a
-
SHA256
2079cf9eb463446cad53a3aba777a89fb294ec241c6ee7d7420e86ad0d1b8ccf
-
SHA512
c7cf2566c94aab23af81ced0e82f878528b57ee368b5225d1b33375782dc1d20fd8046d56c9e9574712630b45bcaeaf90c2fdfcae36dcc379bf4ab8d3449c625
-
SSDEEP
6144:eePTB3Sg84KMW34WchSO3YlRfJrpwPUIknT5j01rldtRvtY39vxEJgO:lBiPMWQSO3kRRJ3Td0nVt2BnO
Malware Config
Targets
-
-
Target
JaffaCakes118_566d88e98da3373ba9557b12de8501a2
-
Size
374KB
-
MD5
566d88e98da3373ba9557b12de8501a2
-
SHA1
f68e52f58771bc43168ba1e5e9d537ae3930f80a
-
SHA256
2079cf9eb463446cad53a3aba777a89fb294ec241c6ee7d7420e86ad0d1b8ccf
-
SHA512
c7cf2566c94aab23af81ced0e82f878528b57ee368b5225d1b33375782dc1d20fd8046d56c9e9574712630b45bcaeaf90c2fdfcae36dcc379bf4ab8d3449c625
-
SSDEEP
6144:eePTB3Sg84KMW34WchSO3YlRfJrpwPUIknT5j01rldtRvtY39vxEJgO:lBiPMWQSO3kRRJ3Td0nVt2BnO
Score10/10-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1