Overview

overview

10

Static

static

3

d8d429f967...18.exe

windows7-x64

10

d8d429f967...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8d429f967e2119013210ef155571d1a_JaffaCakes118

  • Size

    172KB

  • Sample

    241209-kwdvpsxmgl

  • MD5

    d8d429f967e2119013210ef155571d1a

  • SHA1

    1f04289404930e79583345fd555d36f54d13e709

  • SHA256

    580ffa3d517ceb84f517877492ff44416ba1418d746fe676fb7b7ddb97b5e2a6

  • SHA512

    9109f865dac4310bc33fdf6fa6c098829334a642638f0031041e551f40d3240fac4c63f353c92372a662985231cccc6f235eb452508c9f601df0f5e5034afb34

  • SSDEEP

    3072:Pgqw8FIL6q4hrpvB5KMcpnK2W5HoA9jtxG6fgYA31UBrKws:Pgqw8FIL6nxdKM2KfHHjnIxOBDs

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      d8d429f967e2119013210ef155571d1a_JaffaCakes118

    • Size

      172KB

    • MD5

      d8d429f967e2119013210ef155571d1a

    • SHA1

      1f04289404930e79583345fd555d36f54d13e709

    • SHA256

      580ffa3d517ceb84f517877492ff44416ba1418d746fe676fb7b7ddb97b5e2a6

    • SHA512

      9109f865dac4310bc33fdf6fa6c098829334a642638f0031041e551f40d3240fac4c63f353c92372a662985231cccc6f235eb452508c9f601df0f5e5034afb34

    • SSDEEP

      3072:Pgqw8FIL6q4hrpvB5KMcpnK2W5HoA9jtxG6fgYA31UBrKws:Pgqw8FIL6nxdKM2KfHHjnIxOBDs

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks