Overview

overview

10

Static

static

3

dd861d2584...18.exe

windows7-x64

10

dd861d2584...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dd861d2584a7f9ace519217dac5b6491_JaffaCakes118

  • Size

    171KB

  • Sample

    241210-hp28lsxnf1

  • MD5

    dd861d2584a7f9ace519217dac5b6491

  • SHA1

    1989054faeb8eb020b28caf2f806e43ca2562243

  • SHA256

    3c6e64530090d7512859acd5dbee517cecbe74875c8d485cb73e514fb172123c

  • SHA512

    94595527ee1b6f383e5f54e1d0b58102b0c3776dfbb05aa138c6b397853cc6ac5b17ce6c84987b9ed979f5e901dd228d2a21da6c5fcd1400854b0dc07ffd1530

  • SSDEEP

    3072:uMXe2Klg0YHb6SiH7PUYpMaTzCPdcGq9zT6DsORMQ7c2Anx:ygt6SuPUn8C1vq9n6Jl7c2G

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      dd861d2584a7f9ace519217dac5b6491_JaffaCakes118

    • Size

      171KB

    • MD5

      dd861d2584a7f9ace519217dac5b6491

    • SHA1

      1989054faeb8eb020b28caf2f806e43ca2562243

    • SHA256

      3c6e64530090d7512859acd5dbee517cecbe74875c8d485cb73e514fb172123c

    • SHA512

      94595527ee1b6f383e5f54e1d0b58102b0c3776dfbb05aa138c6b397853cc6ac5b17ce6c84987b9ed979f5e901dd228d2a21da6c5fcd1400854b0dc07ffd1530

    • SSDEEP

      3072:uMXe2Klg0YHb6SiH7PUYpMaTzCPdcGq9zT6DsORMQ7c2Anx:ygt6SuPUn8C1vq9n6Jl7c2G

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks