cycbot | bd8c4f03932fa0171cf1fbd040d50269c1e3b7c7d84b04975753b3247e4652db | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f038c8abcb...18.exe

windows7-x64

f038c8abcb...18.exe

windows10-2004-x64

3

Sharing

General

Target

f038c8abcb879e38bf27acb8db28e2a0_JaffaCakes118
Size

187KB
Sample

241214-xnhvxa1lg1
MD5

f038c8abcb879e38bf27acb8db28e2a0
SHA1

1c1fc5e80fd8b284607cfbaf9b8bf9b0cc58cdb4
SHA256

bd8c4f03932fa0171cf1fbd040d50269c1e3b7c7d84b04975753b3247e4652db
SHA512

637d73485aed793f9bada597a58593d8f5a0a9fbae862e7dea46fc6864c933bd5f84babcc1355d7418c5d147bc10732bb1e6408ad2792ed744011a8775d60f8d
SSDEEP

3072:fb9fR6vPhkm9gDdMM9T4wYkgVGIeuK9RWZBmVPKCuoyH:fb9J6BkDdMMCwYkgwbu2VVPnuoU

Score

10^/10

cycbot backdoor discovery rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f038c8abcb879e38bf27acb8db28e2a0_JaffaCakes118.exe

Resource

win7-20240903-en

cycbot backdoor discovery rat spyware stealer upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f038c8abcb879e38bf27acb8db28e2a0_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  f038c8abcb879e38bf27acb8db28e2a0_JaffaCakes118
- Size
  
  187KB
- MD5
  
  f038c8abcb879e38bf27acb8db28e2a0
- SHA1
  
  1c1fc5e80fd8b284607cfbaf9b8bf9b0cc58cdb4
- SHA256
  
  bd8c4f03932fa0171cf1fbd040d50269c1e3b7c7d84b04975753b3247e4652db
- SHA512
  
  637d73485aed793f9bada597a58593d8f5a0a9fbae862e7dea46fc6864c933bd5f84babcc1355d7418c5d147bc10732bb1e6408ad2792ed744011a8775d60f8d
- SSDEEP
  
  3072:fb9fR6vPhkm9gDdMM9T4wYkgVGIeuK9RWZBmVPKCuoyH:fb9J6BkDdMMCwYkgwbu2VVPnuoU
Score

10^/10

cycbot backdoor discovery rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cycbotbackdoordiscoveryratspywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.