Overview

overview

10

Static

static

3

d809c8711f...18.exe

windows7-x64

10

d809c8711f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d809c8711fc3d906b79a0d80e3b10461_JaffaCakes118

  • Size

    167KB

  • Sample

    241208-vadypatqdj

  • MD5

    d809c8711fc3d906b79a0d80e3b10461

  • SHA1

    c9d5781376f572f7f0c06d6048bbeef76f853187

  • SHA256

    93974daf245cf75829a16fd39adb7b8555ff9b319c07759c7393d4994e6a0168

  • SHA512

    b14badbfb2fffcfc0e74ee7cd421ca01f4ddfd0e3431e544a12f63993474d803930cbbdd954f4c530be037278a424fd75f7387fac1a33f2dc9392c3f40535c61

  • SSDEEP

    3072:lxOvJRcE0srzPNzoS0duNOx7ksl5oyAvEyIIWXIpRe6gta:IJRcsrezdu0x7km5oyAvEjxcgt

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      d809c8711fc3d906b79a0d80e3b10461_JaffaCakes118

    • Size

      167KB

    • MD5

      d809c8711fc3d906b79a0d80e3b10461

    • SHA1

      c9d5781376f572f7f0c06d6048bbeef76f853187

    • SHA256

      93974daf245cf75829a16fd39adb7b8555ff9b319c07759c7393d4994e6a0168

    • SHA512

      b14badbfb2fffcfc0e74ee7cd421ca01f4ddfd0e3431e544a12f63993474d803930cbbdd954f4c530be037278a424fd75f7387fac1a33f2dc9392c3f40535c61

    • SSDEEP

      3072:lxOvJRcE0srzPNzoS0duNOx7ksl5oyAvEyIIWXIpRe6gta:IJRcsrezdu0x7km5oyAvEjxcgt

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks