cycbot | 71b893c3114cf33324998bbc2a7921feb75a78ff23c95966cb55b92a0f144b4e | Triage

Submit
Reports

Overview

overview

Static

static

3

dc2df23d6d...18.exe

windows7-x64

3

dc2df23d6d...18.exe

windows10-2004-x64

Sharing

General

Target

dc2df23d6d7eb88bc9c262228f8391ba_JaffaCakes118
Size

173KB
Sample

241210-aqxqhs1rgl
MD5

dc2df23d6d7eb88bc9c262228f8391ba
SHA1

41feac1a05b090ade52db12b885570be4f5f0e78
SHA256

71b893c3114cf33324998bbc2a7921feb75a78ff23c95966cb55b92a0f144b4e
SHA512

30a9c015960595b4f66d69fdc4d04f778a7ed536cc29ddb6b797a0dafa1d7baf33fd72b4e205957b04365eb7dc2cb590df685b91611acde17a73f170749cff9c
SSDEEP

3072:BEEGA3tiI4Jay87me/Y4uy5pMeSlY9pjrR:XGA3tMameiy52e2Yzj

Score

10^/10

cycbot backdoor discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc2df23d6d7eb88bc9c262228f8391ba_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc2df23d6d7eb88bc9c262228f8391ba_JaffaCakes118.exe

Resource

win10v2004-20241007-en

cycbot backdoor discovery persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc2df23d6d7eb88bc9c262228f8391ba_JaffaCakes118
- Size
  
  173KB
- MD5
  
  dc2df23d6d7eb88bc9c262228f8391ba
- SHA1
  
  41feac1a05b090ade52db12b885570be4f5f0e78
- SHA256
  
  71b893c3114cf33324998bbc2a7921feb75a78ff23c95966cb55b92a0f144b4e
- SHA512
  
  30a9c015960595b4f66d69fdc4d04f778a7ed536cc29ddb6b797a0dafa1d7baf33fd72b4e205957b04365eb7dc2cb590df685b91611acde17a73f170749cff9c
- SSDEEP
  
  3072:BEEGA3tiI4Jay87me/Y4uy5pMeSlY9pjrR:XGA3tMameiy52e2Yzj
Score

10^/10

discovery cycbot backdoor persistence rat upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cycbotbackdoordiscoverypersistenceratupx

© 2018-2025

Terms | Privacy