Overview

overview

10

Static

static

3

d35a7352e1...18.exe

windows7-x64

10

d35a7352e1...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d35a7352e12a25e36b718b07d2a74d9c_JaffaCakes118

  • Size

    174KB

  • Sample

    241207-ypds1swlcp

  • MD5

    d35a7352e12a25e36b718b07d2a74d9c

  • SHA1

    0ea1212e27715dfa2adaac3679622fc8f00a8769

  • SHA256

    8bd403adc225ef5512a309e52822b37c6dfad2905c327da490ab409fd4aea738

  • SHA512

    717768020a4e09868324483ea9bf71b4a68cd87384a2ac4cbf09edabe61c563d7d6dda299c2963eedd75dd6fa39462880fb4b335a91c0aca0b3b25edfea46308

  • SSDEEP

    3072:j3QTXjUhMXiYETuL6Iqp8n3Jgrz7dz8QeZII:sY65dqrVoQ

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      d35a7352e12a25e36b718b07d2a74d9c_JaffaCakes118

    • Size

      174KB

    • MD5

      d35a7352e12a25e36b718b07d2a74d9c

    • SHA1

      0ea1212e27715dfa2adaac3679622fc8f00a8769

    • SHA256

      8bd403adc225ef5512a309e52822b37c6dfad2905c327da490ab409fd4aea738

    • SHA512

      717768020a4e09868324483ea9bf71b4a68cd87384a2ac4cbf09edabe61c563d7d6dda299c2963eedd75dd6fa39462880fb4b335a91c0aca0b3b25edfea46308

    • SSDEEP

      3072:j3QTXjUhMXiYETuL6Iqp8n3Jgrz7dz8QeZII:sY65dqrVoQ

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks