Overview

overview

10

Static

static

3

922e759e6a...18.exe

windows7-x64

10

922e759e6a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    922e759e6a460205f2cbb6bc9750fc9e_JaffaCakes118

  • Size

    166KB

  • Sample

    241124-dh42eaxkcj

  • MD5

    922e759e6a460205f2cbb6bc9750fc9e

  • SHA1

    8d82ecfe1301fa24e74316f63533d517dafe1805

  • SHA256

    753c4ea12c9956a951c53bdc3513f83fe3208286509c23e0740a51e40ee6563d

  • SHA512

    26c968326b945631bf98ad52dc9ef8d666bb28e32565d285d47454aa5fbdb2b5f69696505a1e665bfb63604bdd7e55a2c4c28437ffe99e256593f17269436bab

  • SSDEEP

    3072:mTN49AHExCCAQYNaz0ZCm3BhsHA4rwozQqjhEt+ov:zbxlvz0ZCoYwIjzov

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      922e759e6a460205f2cbb6bc9750fc9e_JaffaCakes118

    • Size

      166KB

    • MD5

      922e759e6a460205f2cbb6bc9750fc9e

    • SHA1

      8d82ecfe1301fa24e74316f63533d517dafe1805

    • SHA256

      753c4ea12c9956a951c53bdc3513f83fe3208286509c23e0740a51e40ee6563d

    • SHA512

      26c968326b945631bf98ad52dc9ef8d666bb28e32565d285d47454aa5fbdb2b5f69696505a1e665bfb63604bdd7e55a2c4c28437ffe99e256593f17269436bab

    • SSDEEP

      3072:mTN49AHExCCAQYNaz0ZCm3BhsHA4rwozQqjhEt+ov:zbxlvz0ZCoYwIjzov

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks