Overview

overview

10

Static

static

3

de5653cf0d...18.exe

windows7-x64

10

de5653cf0d...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118

  • Size

    181KB

  • Sample

    241210-yfph6awkhz

  • MD5

    de5653cf0d7b491fdb40b6637916ab13

  • SHA1

    15bddbb336359eb0706a36e8d61c700efc068c63

  • SHA256

    84021a22457ad93f251de3f4238e58b611f36099248f24cc4147a34e5a5e94eb

  • SHA512

    0de104787347dfb21cdd87828aeccb99ee15e554234413967a1d93943f3ce6d2632cfdc62e1d5256db61b7dc1071a46de89256d1e295a8b61eb6416699db659a

  • SSDEEP

    3072:KRU4MXPhi2IHax3QJvXWY8LkYqWv9rh2vFsanr/VUJkcmmyEYh0J4pj:oU4aM20vq4oj2tr/4YP0G

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      de5653cf0d7b491fdb40b6637916ab13_JaffaCakes118

    • Size

      181KB

    • MD5

      de5653cf0d7b491fdb40b6637916ab13

    • SHA1

      15bddbb336359eb0706a36e8d61c700efc068c63

    • SHA256

      84021a22457ad93f251de3f4238e58b611f36099248f24cc4147a34e5a5e94eb

    • SHA512

      0de104787347dfb21cdd87828aeccb99ee15e554234413967a1d93943f3ce6d2632cfdc62e1d5256db61b7dc1071a46de89256d1e295a8b61eb6416699db659a

    • SSDEEP

      3072:KRU4MXPhi2IHax3QJvXWY8LkYqWv9rh2vFsanr/VUJkcmmyEYh0J4pj:oU4aM20vq4oj2tr/4YP0G

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks