Overview

overview

10

Static

static

3

e40061adb0...18.exe

windows7-x64

10

e40061adb0...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e40061adb0a7d4632d60dd05a141a9dd_JaffaCakes118

  • Size

    176KB

  • Sample

    241212-bewvhsvlhw

  • MD5

    e40061adb0a7d4632d60dd05a141a9dd

  • SHA1

    b2be93887080ae26bf970ed8445fc8220721fb13

  • SHA256

    8b46106985b66c08217ca954ce45e0782cc9656fc7ed2b1fe189b2fc8bd21281

  • SHA512

    cc2d2acfc8ae52991d17021a71a9b4cba5390c7f668ba43b9be1b0b34c5ae56c3ba07dc05ace84fd81208aa05e1874b18d926bbb802bbabfd2cde7b8ab5942b6

  • SSDEEP

    3072:GJ4ujspDuTsIDV/gWtgapfGOLxJUgi9WSV4x7KEigdG:GJtwSsIJ/g9apeOLjb6VV4M

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      e40061adb0a7d4632d60dd05a141a9dd_JaffaCakes118

    • Size

      176KB

    • MD5

      e40061adb0a7d4632d60dd05a141a9dd

    • SHA1

      b2be93887080ae26bf970ed8445fc8220721fb13

    • SHA256

      8b46106985b66c08217ca954ce45e0782cc9656fc7ed2b1fe189b2fc8bd21281

    • SHA512

      cc2d2acfc8ae52991d17021a71a9b4cba5390c7f668ba43b9be1b0b34c5ae56c3ba07dc05ace84fd81208aa05e1874b18d926bbb802bbabfd2cde7b8ab5942b6

    • SSDEEP

      3072:GJ4ujspDuTsIDV/gWtgapfGOLxJUgi9WSV4x7KEigdG:GJtwSsIJ/g9apeOLjb6VV4M

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks