Analysis
-
max time kernel
120s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
-
submitted
04-12-2024 23:19
General
-
Target
b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exe
-
Size
169KB
-
MD5
b6e91af58e0d4dcd60afe30adfdd0730
-
SHA1
73ba3ebd344cc3255e1127c248a6cfebd965cb43
-
SHA256
b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44
-
SHA512
84b5cacf9b54055c6195d2d0fb8d0dcc148326e79494a3d2128f8227ef676a513b63748901e423646ae67eaee9898964d5aaf4736225a86fdb54d1ff4fcb0bf2
-
SSDEEP
3072:pYtI3xw7+scZSKf9OnYqjbsYUdhV+ZF+Q0kx+p9s4lgUBS9Rh/duUk:pP3xeNcZSKf9yYosXdhTksp9IdE
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 6 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exe"C:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exeC:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exe startC:\Program Files (x86)\LP\4486\E1C.exe%C:\Program Files (x86)\LP\44862⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exeC:\Users\Admin\AppData\Local\Temp\b4961731a649665ccee47fa4e10b85355640e182b148460e47068f27ab220e44N.exe startC:\Program Files (x86)\0D2CD\lvvm.exe%C:\Program Files (x86)\0D2CD2⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD55bfd5f6d541e73f429523615e21033b4
SHA1c8f6829b57e3aa2c995bab73062b9f8094ce5117
SHA256c6f5a1cf973ff6f985c6ae84ce867ca9d56e108e7209c73bb5149645df450e56
SHA512025cd1eaad7fb3ba4dfae1b5671588d8adc819483e8cd739a4e293d2509d658e0fd6ff519ce7eed87615806265e68b9d8fbbffaa9a497e71801005f46f716733
-
Filesize
600B
MD5ddc79332e42cb4498f0aecc8394ad15f
SHA13150e56692eb3d602dfde910bd886560370cdbd1
SHA2563eb8184ffcc95efdd9b20652d57a72a4576a19dc05ed3174a4f0a851473ffa5c
SHA512a4de1240fdf1f8d89b8c1a32724657ede813f014428176d97795aabe5e992f40cd90f18702f60160dff255bf4a90c356e355734a712ac78dd6751de1460b8efd
-
Filesize
996B
MD5b160c3663e5e81cf10bade380df2596d
SHA155d929fb7401bc03e2f50daca0b124242e1d8c24
SHA25645ff228c4cb5a1ae0cedde8b9279f05681f02f32896580b148fa0a7d11903341
SHA5125be3204543ff51eba052412c88849472d9c37c7f9776b46211f49816cc4b0efbcaca3cb0f1974cdb83092f863be975cd8bcafa5a015aa0b95e529425e8438081
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB