Overview

overview

10

Static

static

3

c990aa8349...18.exe

windows7-x64

10

c990aa8349...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c990aa83493b0462579815e5f1fdd19e_JaffaCakes118

  • Size

    175KB

  • Sample

    241205-1wdgyatngx

  • MD5

    c990aa83493b0462579815e5f1fdd19e

  • SHA1

    7b14cdadb97d7bb6b298db1c3d0b72c1133d227a

  • SHA256

    b83e9e35e9ceeb009a09a01703378cbee25d6bb5369dafb4ca9d6203320690cd

  • SHA512

    713e43230457c0a5665951cf94cf7e37451574906ea659cdfb18b9b4c2a64f0d4f41df67d79b39a08546d4004d3b6ea8c65736cf8db7b2db1e53528f69a33b05

  • SSDEEP

    3072:HusSckHAIrwX1nR3+TuumXk7Qyc/Lac8xyZlld7rqbKB:HuF3ghXxR3+Sg7Qyc/x8Ir7rY

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      c990aa83493b0462579815e5f1fdd19e_JaffaCakes118

    • Size

      175KB

    • MD5

      c990aa83493b0462579815e5f1fdd19e

    • SHA1

      7b14cdadb97d7bb6b298db1c3d0b72c1133d227a

    • SHA256

      b83e9e35e9ceeb009a09a01703378cbee25d6bb5369dafb4ca9d6203320690cd

    • SHA512

      713e43230457c0a5665951cf94cf7e37451574906ea659cdfb18b9b4c2a64f0d4f41df67d79b39a08546d4004d3b6ea8c65736cf8db7b2db1e53528f69a33b05

    • SSDEEP

      3072:HusSckHAIrwX1nR3+TuumXk7Qyc/Lac8xyZlld7rqbKB:HuF3ghXxR3+Sg7Qyc/x8Ir7rY

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks