General

  • Target

    a22cb5adac759fff16b4d45fd78a8dcf_JaffaCakes118

  • Size

    176KB

  • Sample

    241126-qmkjsayrar

  • MD5

    a22cb5adac759fff16b4d45fd78a8dcf

  • SHA1

    08be30429659661bdc8967218071956ef54131f8

  • SHA256

    9baebc11c5c3ff4bea6c06428e02127aac6d25b113a8392d51c379b2b8ce280e

  • SHA512

    4df2913a5c7f4ea0f15111139070935e8c4a9f6646b6facfe38e60efe3cd9330d4b201dd33b73288a4356edb03fb4d8d5d9ae22f474bb169ca6dffc750bf4756

  • SSDEEP

    3072:5vboWPZhFnG8hDZcbi4zN8CF6BaFXVV75HeW84MeHkF:FblFG8hDZR4zN8C26lL14

Malware Config

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks