Overview

overview

10

Static

static

3

f019c2b9c2...18.exe

windows7-x64

10

f019c2b9c2...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f019c2b9c2b6a64d57cd4a5b052e35a9_JaffaCakes118

  • Size

    166KB

  • Sample

    241214-w3m8haskhm

  • MD5

    f019c2b9c2b6a64d57cd4a5b052e35a9

  • SHA1

    35ecca319710a28d470286432cabb391816642c0

  • SHA256

    bdbe75670b11c01aef51a04f979a60fd545e4ee07ccc6efc11e085a1dd131866

  • SHA512

    749653102095d8b530ce9c524d5d4dcc5744eb51df04685ff3b544a54386c37c028f520054efa726222f9f1468f7251272773ddddfa9ce5cf8d523c6b330c2e3

  • SSDEEP

    3072:vufEwW90LLrjzeNaDaW1S2XyabQNPxPHtHTk8cRB:2sF0eJW1rNbuFA8oB

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      f019c2b9c2b6a64d57cd4a5b052e35a9_JaffaCakes118

    • Size

      166KB

    • MD5

      f019c2b9c2b6a64d57cd4a5b052e35a9

    • SHA1

      35ecca319710a28d470286432cabb391816642c0

    • SHA256

      bdbe75670b11c01aef51a04f979a60fd545e4ee07ccc6efc11e085a1dd131866

    • SHA512

      749653102095d8b530ce9c524d5d4dcc5744eb51df04685ff3b544a54386c37c028f520054efa726222f9f1468f7251272773ddddfa9ce5cf8d523c6b330c2e3

    • SSDEEP

      3072:vufEwW90LLrjzeNaDaW1S2XyabQNPxPHtHTk8cRB:2sF0eJW1rNbuFA8oB

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks