Overview

overview

10

Static

static

3

e45f4bcf64...18.exe

windows7-x64

10

e45f4bcf64...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e45f4bcf646b25ed4330d4e4e55a36b0_JaffaCakes118

  • Size

    174KB

  • Sample

    241212-dfad1sspdl

  • MD5

    e45f4bcf646b25ed4330d4e4e55a36b0

  • SHA1

    2ed8a96e7b2c144e0cc1cc6027fa273baf14fd47

  • SHA256

    7fa244e4129a71d4cf6665252afc36e11ba708e89a7a7b40adb595edd086bdbd

  • SHA512

    505206f2483b093ea0e0c16b3829cd41175f084b44ecf97b3cb8f6be0abdfe168737f956fae88972855869345851a917c5f3c0297d360f72b6e5843c13f832a6

  • SSDEEP

    3072:k8SlZitzz8g4OujMoxYuOiOg3HOqZrVkKZSekQwYKR2++AMR2U7W:k8Gs9z8KmDOvgbqNYKIbRj

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      e45f4bcf646b25ed4330d4e4e55a36b0_JaffaCakes118

    • Size

      174KB

    • MD5

      e45f4bcf646b25ed4330d4e4e55a36b0

    • SHA1

      2ed8a96e7b2c144e0cc1cc6027fa273baf14fd47

    • SHA256

      7fa244e4129a71d4cf6665252afc36e11ba708e89a7a7b40adb595edd086bdbd

    • SHA512

      505206f2483b093ea0e0c16b3829cd41175f084b44ecf97b3cb8f6be0abdfe168737f956fae88972855869345851a917c5f3c0297d360f72b6e5843c13f832a6

    • SSDEEP

      3072:k8SlZitzz8g4OujMoxYuOiOg3HOqZrVkKZSekQwYKR2++AMR2U7W:k8Gs9z8KmDOvgbqNYKIbRj

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks