Overview

overview

10

Static

static

3

9518408136...18.exe

windows7-x64

10

9518408136...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9518408136fd1813904953e0f8149aea_JaffaCakes118

  • Size

    163KB

  • Sample

    241124-q7b35ssmds

  • MD5

    9518408136fd1813904953e0f8149aea

  • SHA1

    441fa6e913678e7b20fc0cd0e254aec90db758f6

  • SHA256

    bea012d79dc80d6316c2434ca935e2c74c508abc6d1ccc66c9a2cd3c0a8e4cef

  • SHA512

    06935dc029867674a7b5d595e1d81362eb72d61882b243d90c0238b3ec154b599ae6ffeec7b84cfd8a28deb195d7ab5bbca3eed53868815e57fbac4ec08d95e4

  • SSDEEP

    3072:6kChIFvQrNax4gjA8W8+iTJk8mHUcmUUf0L0a+8CPPAt:6kO4jxXvtMmUUcMzP

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      9518408136fd1813904953e0f8149aea_JaffaCakes118

    • Size

      163KB

    • MD5

      9518408136fd1813904953e0f8149aea

    • SHA1

      441fa6e913678e7b20fc0cd0e254aec90db758f6

    • SHA256

      bea012d79dc80d6316c2434ca935e2c74c508abc6d1ccc66c9a2cd3c0a8e4cef

    • SHA512

      06935dc029867674a7b5d595e1d81362eb72d61882b243d90c0238b3ec154b599ae6ffeec7b84cfd8a28deb195d7ab5bbca3eed53868815e57fbac4ec08d95e4

    • SSDEEP

      3072:6kChIFvQrNax4gjA8W8+iTJk8mHUcmUUf0L0a+8CPPAt:6kO4jxXvtMmUUcMzP

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks