General

  • Target

    JaffaCakes118_120503cfb86e67178a0fb8da058b80a2

  • Size

    279KB

  • Sample

    250122-3stqvssnfj

  • MD5

    120503cfb86e67178a0fb8da058b80a2

  • SHA1

    9b84b60705a05fe827041630af64f0a51ce85c15

  • SHA256

    6c1f54e420597522b0723224588f10b104f1b5449e890eee924d8bcb314622f0

  • SHA512

    f29177b57972f0b947a5d65743a6e53346bca9c69e0a89bcdf015db29b98b9664de914f54dbf203c24b9f4928ff7ed1f0d9f1f1dd364d363596dab43ee09364b

  • SSDEEP

    6144:IRsxhYWbtfYhL2axRmToBIkBLsdreg2Fv12yGUD14F3i4l:IidbtfYZlNBIkJsdb2Fv1hG41ei4l

Malware Config

Targets

    • Target

      JaffaCakes118_120503cfb86e67178a0fb8da058b80a2

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies security service

    • Pony family

    • Pony, Fareit

      Pony (also known as Fareit) is a trojan that steals stored credentials and other information from the infected host.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a component key under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components whose StubPath value is executed at each user's next logon, before the user's shell starts.

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla. FileZilla keeps saved sites and recent connections in sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla; unless a master password is configured, the stored passwords are only base64-encoded and are trivially recoverable.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Unsecured Credentials: Credentials In Files

      Credentials stored in plaintext or in a trivially reversible form in configuration and data files can be harvested simply by reading those files.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it. Modified builds commonly rename the UPX0/UPX1 sections or corrupt the pack header so that a stock `upx -d` refuses to unpack the file; UPX packing by itself is not an indicator of malice.
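
The following script is an added example, not part of the tria.ge report or of the Cycbot/Pony code. It applies the Active Setup logic from the "Boot or Logon Autostart Execution: Active Setup" signature: a component's StubPath runs at a user's next logon when it exists under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components, IsInstalled is not 0, and the matching HKCU key is either missing or carries a lower Version. The decision is factored into pending_components() so it can be run against the constructed sample data below or, on Windows, against the live registry via winreg (pass --live). The GUIDs and paths in the sample data are constructed, and the user-writable-path allowlist in is_suspicious() is an assumption of this example, not a rule the sandbox applies.

```python
"""Active Setup persistence triage (added example, not from the report)."""
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"


@dataclass
class Component:
    guid: str
    stub_path: Optional[str] = None   # command Active Setup runs at logon
    version: Optional[str] = None     # REG_SZ like "1,0,0,0"
    is_installed: Optional[int] = None  # DWORD; 0 disables the component


def parse_version(v: Optional[str]) -> Tuple[int, ...]:
    """Active Setup versions are comma-separated integers ('1,0,0,0').
    Missing or malformed fields compare as 0; short versions are padded to 4."""
    fields = []
    for field in (str(v).split(",") if v else []):
        field = field.strip()
        fields.append(int(field) if field.isdigit() else 0)
    fields += [0] * (4 - len(fields))
    return tuple(fields[:4])


def pending_components(hklm: Dict[str, Component],
                       hkcu: Dict[str, Component]) -> List[Component]:
    """HKLM components whose StubPath will run at the user's next logon."""
    pending = []
    for guid, comp in hklm.items():
        if not comp.stub_path or comp.is_installed == 0:
            continue  # nothing to run, or explicitly disabled
        user = hkcu.get(guid)
        if user is None or parse_version(user.version) < parse_version(comp.version):
            pending.append(comp)
    return pending


# Assumption: legitimate components run from %SystemRoot% or Program Files;
# a StubPath under a user-writable directory is worth a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\",
                 "%appdata%", "%temp%", "%userprofile%")


def is_suspicious(comp: Component) -> bool:
    path = (comp.stub_path or "").lower()
    return any(marker in path for marker in USER_WRITABLE)


def read_live(hive_name: str) -> Dict[str, Component]:
    """Read Installed Components from HKLM or HKCU (Windows only, 64-bit view)."""
    import winreg
    hive = {"HKLM": winreg.HKEY_LOCAL_MACHINE,
            "HKCU": winreg.HKEY_CURRENT_USER}[hive_name]
    comps: Dict[str, Component] = {}
    try:
        root = winreg.OpenKey(hive, ACTIVE_SETUP, 0,
                              winreg.KEY_READ | winreg.KEY_WOW64_64KEY)
    except FileNotFoundError:
        return comps
    with root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            guid = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, guid) as sub:
                def value(name):
                    try:
                        return winreg.QueryValueEx(sub, name)[0]
                    except FileNotFoundError:
                        return None
                comps[guid] = Component(guid, value("StubPath"),
                                        value("Version"), value("IsInstalled"))
    return comps


# Constructed sample data (GUIDs and paths are made up for this example):
# one stock component already applied for the user, one component with no
# StubPath, and one unknown GUID whose stub runs from the user's profile.
LEGIT = "{11111111-2222-3333-4444-555555555555}"
NOSTUB = "{66666666-7777-8888-9999-000000000000}"
DROPPED = "{DEADBEEF-0000-0000-0000-000000000000}"
SAMPLE_HKLM = {
    LEGIT: Component(LEGIT, r"C:\Windows\System32\legit.exe /UserConfig", "1,0,0,0", 1),
    NOSTUB: Component(NOSTUB, None, "2,0,0,0", 1),
    DROPPED: Component(DROPPED, r"C:\Users\victim\AppData\Roaming\svchost.exe", "1,0,0,0"),
}
SAMPLE_HKCU = {LEGIT: Component(LEGIT, None, "1,0,0,0", 1)}


def triage(hklm=None, hkcu=None) -> List[Tuple[str, str, bool]]:
    """(guid, stub_path, suspicious) for every component pending at next logon."""
    hklm = SAMPLE_HKLM if hklm is None else hklm
    hkcu = SAMPLE_HKCU if hkcu is None else hkcu
    return [(c.guid, c.stub_path, is_suspicious(c))
            for c in pending_components(hklm, hkcu)]


if __name__ == "__main__":
    if sys.platform == "win32" and "--live" in sys.argv:
        rows = triage(read_live("HKLM"), read_live("HKCU"))
    else:
        rows = triage()
    for guid, stub, sus in rows:
        print(f"{'SUSPICIOUS' if sus else 'pending   '} {guid} -> {stub}")
```

Run without arguments it evaluates the constructed data and reports only the dropped component; on a Windows host, `--live` runs the same comparison over the real HKLM and HKCU keys, which is the check a responder wants after a sandbox flags this signature. Note the version comparison: an attacker who bumps Version on an existing, legitimate GUID also forces the stub to re-run, so a pending legitimate component still merits a look at its StubPath.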

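The following is an added example, not part of the tria.ge report or of the sandbox's own signature, showing the kind of static check behind the "UPX packed file" verdict. It parses just enough of the PE header to reach the section table, then applies two tests: a stock-UPX signature (UPX0/UPX1 section names, or the "UPX!" pack-header magic that UPX writes after the section headers) and a layout heuristic for modified builds that rename the sections, namely a first section that is empty on disk but large in memory (the unpack area) followed by a section of near-random entropy (the compressed payload). The three sample PEs are constructed by build_pe() for illustration; the 7.0-bit entropy threshold and 0x10000 virtual-size threshold are assumptions of this example.

```python
"""UPX / modified-UPX layout check for PE files (added example, not from the report)."""
import hashlib
import math
import struct
from typing import List, Tuple

Section = Tuple[str, int, int, int, bytes]  # name, virtual_size, raw_size, raw_ptr, raw_data


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 for uniformly distributed data, 0.0 for a constant."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Section]:
    """Walk the PE section table (IMAGE_SECTION_HEADER is 40 bytes each)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        sections.append((name, vsize, rsize, rptr, pe[rptr:rptr + rsize]))
    return sections


def upx_verdict(pe: bytes) -> str:
    """Return 'upx', 'modified-upx' or 'none'."""
    sections = parse_sections(pe)
    names = {s[0] for s in sections}
    # The pack header (and its "UPX!" magic) sits in the header area before
    # the first section's raw data, so only that region is searched.
    first_raw = min((s[3] for s in sections if s[3]), default=len(pe))
    if {"UPX0", "UPX1"} <= names or b"UPX!" in pe[:first_raw]:
        return "upx"
    if len(sections) >= 2:
        first, second = sections[0], sections[1]
        empty_on_disk = first[2] == 0 and first[1] >= 0x10000
        if empty_on_disk and shannon_entropy(second[4]) > 7.0:
            return "modified-upx"
    return "none"


def pseudo_random(n: int, seed: bytes = b"upx-example") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for compressed data."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


def build_pe(sections: List[Tuple[str, int, bytes]], extra_header: bytes = b"") -> bytes:
    """Assemble a minimal 32-bit PE from (name, virtual_size, raw_data) tuples.
    Only the fields the checks read are meaningful; everything else is zero.
    extra_header is written after the section table, where UPX puts its pack header."""
    opt_size, file_align = 224, 0x200
    header_len = 0x40 + 24 + opt_size + 40 * len(sections) + len(extra_header)
    hdr_end = (header_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, raw_ptr, vaddr = b"", b"", hdr_end, 0x1000
    for name, vsize, data in sections:
        raw = data + b"\0" * (-len(data) % file_align)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, vaddr,
                             len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0x60000020)
        raw_ptr += len(raw)
        vaddr += max(vsize, 0x1000)
        body += raw
    hdr = dos + b"PE\0\0" + coff + opt + table + extra_header
    return hdr + b"\0" * (hdr_end - len(hdr)) + body


# Constructed samples: stock UPX layout, a modified build with renamed sections,
# and an ordinary unpacked binary.
def sample_stock_upx() -> bytes:
    return build_pe([("UPX0", 0x20000, b""), ("UPX1", 0x8000, pseudo_random(0x1000)),
                     (".rsrc", 0x1000, b"\0" * 0x200)])


def sample_modified_upx() -> bytes:
    return build_pe([(".text", 0x20000, b""), (".data", 0x8000, pseudo_random(0x1000))])


def sample_plain() -> bytes:
    return build_pe([(".text", 0x2000, b"\x90" * 0x1000), (".data", 0x1000, b"\0" * 0x200)])


if __name__ == "__main__":
    for label, fn in (("stock", sample_stock_upx), ("modified", sample_modified_upx),
                      ("plain", sample_plain)):
        print(f"{label:9s} -> {upx_verdict(fn())}")
```

The heuristic branch is the interesting one for a sample like this: a renamed-section build still has to leave the first section empty on disk and carry a high-entropy payload, so it can be spotted without relying on the names or the magic. A real file that matches only the heuristic deserves confirmation (for example by checking whether the entry point lies in the high-entropy section) before it is reported as packed.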
MITRE ATT&CK Enterprise v15

Tasks