General

  • Target

    JaffaCakes118_cf7c5f8523446c33cc27330492313e50

  • Size

    272KB

  • Sample

    250119-w4d18azrhr

  • MD5

    cf7c5f8523446c33cc27330492313e50

  • SHA1

    df91c2b5aebaed460065cc0a78f92cc2fb8d1490

  • SHA256

    2625118880fa0a274e3647d40a8a17fee49bbe01a6ae8c444e4b4aa789d4d88e

  • SHA512

    720ea22534d52a5e5989786baf959123105f99b96a0c1619a1bea1b9f9259773969a55006e81f449a34347bb19a48e0b584409ebb5c849c57b2576b19ad32843

  • SSDEEP

    6144:luupvQP0sP7wBfndGZ/1+UcJ0oVzQ6OCn9IAuE6eGni+FjpyObkF:3I06kBf2/11cJ3xO6UE6eSiqlVwF

Malware Config

Targets

    • Target

      JaffaCakes118_cf7c5f8523446c33cc27330492313e50

    • Size

      272KB

    • MD5

      cf7c5f8523446c33cc27330492313e50

    • SHA1

      df91c2b5aebaed460065cc0a78f92cc2fb8d1490

    • SHA256

      2625118880fa0a274e3647d40a8a17fee49bbe01a6ae8c444e4b4aa789d4d88e

    • SHA512

      720ea22534d52a5e5989786baf959123105f99b96a0c1619a1bea1b9f9259773969a55006e81f449a34347bb19a48e0b584409ebb5c849c57b2576b19ad32843

    • SSDEEP

      6144:luupvQP0sP7wBfndGZ/1+UcJ0oVzQ6OCn9IAuE6eGni+FjpyObkF:3I06kBf2/11cJ3xO6UE6eSiqlVwF

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies security service

    • Pony family

    • Pony,Fareit

      Pony is a Remote Access Trojan application that steals information.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.