Overview

overview

10

Static

static

3

f04c49ee2b...18.exe

windows7-x64

10

f04c49ee2b...18.exe

windows10-2004-x64

5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f04c49ee2bfc17c0ad1f36946fa8b668_JaffaCakes118

  • Size

    198KB

  • Sample

    241214-x2gvrs1pgz

  • MD5

    f04c49ee2bfc17c0ad1f36946fa8b668

  • SHA1

    b07c956ae1ab20edf29ec9bee8c519e3fe69afd5

  • SHA256

    8bd9d7bc3c342f415240066c32041c8f7a8f652913a653ce7c769a0ffb6039bb

  • SHA512

    87bb3938e110db39a497e65a154ed115afd95caace0a805960898677a988f4cc33c803e9f666e58b4a965c907a8fcdaa79a5795d62df22baf0987fee93efcb46

  • SSDEEP

    6144:x38zsLiX4ldI59IU3lCNrAk3d5VIBksoS9KQ:xM/IdW6r/d+NnK

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      f04c49ee2bfc17c0ad1f36946fa8b668_JaffaCakes118

    • Size

      198KB

    • MD5

      f04c49ee2bfc17c0ad1f36946fa8b668

    • SHA1

      b07c956ae1ab20edf29ec9bee8c519e3fe69afd5

    • SHA256

      8bd9d7bc3c342f415240066c32041c8f7a8f652913a653ce7c769a0ffb6039bb

    • SHA512

      87bb3938e110db39a497e65a154ed115afd95caace0a805960898677a988f4cc33c803e9f666e58b4a965c907a8fcdaa79a5795d62df22baf0987fee93efcb46

    • SSDEEP

      6144:x38zsLiX4ldI59IU3lCNrAk3d5VIBksoS9KQ:xM/IdW6r/d+NnK

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks