cycbot

General

Target

db6335cd97bfb7827eef58389406da34_JaffaCakes118
Size

449KB
Sample

241209-y7m5eaznav
MD5

db6335cd97bfb7827eef58389406da34
SHA1

bf890f4796b84b0a43b52e14cb176cbfb6824b99
SHA256

e3a7576bcf3c4dbe622fee504f227b9277464a2052ec949f152da4217149f0ce
SHA512

e803210608f6093b373d1f2cf2519a8a327ca008c506dab10854963302c0a8ac381ce13992d6c5813aef84dd9b3c0fb508f5501bd535977d70618327d222e314
SSDEEP

12288:lxUI/vUesMeC+IuUZXkqG6zuNyYyPVTmCZFAbW:lxUovUeT+XUZXFuNyYyhHAy

Score

10^/10

Malware Config

Targets

- Target
  
  conhost.txt
- Size
  
  170KB
- MD5
  
  7ac38de1d2bbed88a7a11e015d12a2a6
- SHA1
  
  661e558267e5b301e0df29e88ff12a3d783353d7
- SHA256
  
  81ba9b2a1b6cb4955eaa2e98181c0857f5debadf0c2c5db6c73edbebbf5a61ae
- SHA512
  
  c02a29345ea4898f5f0b98b3f08558adb0e9cfd681ff1be1979a672005f83107f8b1ede6623719fd9417fb9e8ed42ff9ceac10060ef360a7818959feaef94906
- SSDEEP
  
  3072:+YahorLVDXDnvSUldxcNsplALB+VvcS2lagG2ranXx/WU5kqlZJ5tV4fd6hRH:+Do3VDfZcOLAF+Vv2wH2raXpWy5rVwy
Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  csrss.txt
- Size
  
  192KB
- MD5
  
  864a00dc8fb5fa5e012db37c02bc7885
- SHA1
  
  53e852f83632668b9d20a43014dce5e13b1ce9c9
- SHA256
  
  c1139525258f7bb519b02a7969a5c1a3494c084b73e3bbb7cda82587237a7cfe
- SHA512
  
  37b7bd106ef023eaf2de0e7fee16439db360e162bf33e6308c726cae26350785577f38eca2637f4853000fb7ffeef94e1671a0918d3f6edabd866d7e0550d9c7
- SSDEEP
  
  3072:eJ0idJvZLj1PC6XdOjQ93uoRCMqimiFCUoaN0CZSQBc5T+B7blSH70f0nA:9iDZLj1aAQjExnaQCHHQBcYR8H4g
Score

10^/10

cycbot backdoor discovery rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral3 behavioral4
- Target
  
  dwm.txt
- Size
  
  176KB
- MD5
  
  e767c8cc82455adeb3449c6f4b52eecf
- SHA1
  
  96ae33d589e81d7732bddd480165712e593619a6
- SHA256
  
  ab1bc691bfbe5f8bb76938bcf024678dc8505dcd4c0cc811d6db5eb0f5174537
- SHA512
  
  914192a5c92c1aac13d3e726ba7c512dc8cd8f34b98809b1d56ada8382f3e39219cd043404472e02e98ceb590d3a0456d76c051edaa19e9cf0e15f6e23f4398a
- SSDEEP
  
  3072:ZyMyARFdjQh68vOj+OdgHzMC5oWQWqGbItt7QPL+aD1L4K:ZyMy68Q+OdqZoWzbktJQzXD1kK
Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Modifies WinLogon for persistence
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6