General

  • Target

    JaffaCakes118_9b00d0f2ceec73fe676e4e46c83c80e9

  • Size

    279KB

  • Sample

    250118-apq7caykak

  • MD5

    9b00d0f2ceec73fe676e4e46c83c80e9

  • SHA1

    2cf277cea2d22bc981a5275ec1e0431d1f89dbb9

  • SHA256

    2668f2afb8cfdb2198670b2c91b52470548f86748673e94f73613fceb8bf8022

  • SHA512

    17baac1f824313afb63e7db6e364029d4f2a41502894cee28f27848dca1b1d13fb9f393f3fa3c18dd577e1650d4cba1bd0ede4be32ce42314f4662750824befa

  • SSDEEP

    6144:kn5jzAWmB/lkHai8y38jfM9kTZnXqbvOvbGOWhGGtebfKphGS7S2s1gBdl:kn5j8Ww/ly36v9n6bvVOWhG1eph+9Q

Malware Config

Targets

    • Target

      JaffaCakes118_9b00d0f2ceec73fe676e4e46c83c80e9

    • Size

      279KB

    • MD5

      9b00d0f2ceec73fe676e4e46c83c80e9

    • SHA1

      2cf277cea2d22bc981a5275ec1e0431d1f89dbb9

    • SHA256

      2668f2afb8cfdb2198670b2c91b52470548f86748673e94f73613fceb8bf8022

    • SHA512

      17baac1f824313afb63e7db6e364029d4f2a41502894cee28f27848dca1b1d13fb9f393f3fa3c18dd577e1650d4cba1bd0ede4be32ce42314f4662750824befa

    • SSDEEP

      6144:kn5jzAWmB/lkHai8y38jfM9kTZnXqbvOvbGOWhGGtebfKphGS7S2s1gBdl:kn5j8Ww/ly36v9n6bvVOWhG1eph+9Q

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies security service

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.