Overview

overview

10

Static

static

3

f276498ca3...18.exe

windows7-x64

10

f276498ca3...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f276498ca3368e3b3cae395669c90113_JaffaCakes118

  • Size

    166KB

  • Sample

    241215-fxvsdsvnct

  • MD5

    f276498ca3368e3b3cae395669c90113

  • SHA1

    3959fe3c96c57e28009b09d20386e8e87b730479

  • SHA256

    941ed418d8b00521ffef714afcf38d5c85bfc708b32b2e113c743e6aecfc203d

  • SHA512

    cad6ab73ac04daabf1620ada048f9856ff1edc3e541d0af612460ebcfaf5da39c82202eca59faa066e6a8fbfd2323a020722b953716cbb2236016a7ac16c6090

  • SSDEEP

    3072:z8qeqDUP9qIBQUnwQNUWQTGHXikSh/8r5pvEz/GtelvG3s:zReq09qIWUJuGHX+Or5iz+T

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      f276498ca3368e3b3cae395669c90113_JaffaCakes118

    • Size

      166KB

    • MD5

      f276498ca3368e3b3cae395669c90113

    • SHA1

      3959fe3c96c57e28009b09d20386e8e87b730479

    • SHA256

      941ed418d8b00521ffef714afcf38d5c85bfc708b32b2e113c743e6aecfc203d

    • SHA512

      cad6ab73ac04daabf1620ada048f9856ff1edc3e541d0af612460ebcfaf5da39c82202eca59faa066e6a8fbfd2323a020722b953716cbb2236016a7ac16c6090

    • SSDEEP

      3072:z8qeqDUP9qIBQUnwQNUWQTGHXikSh/8r5pvEz/GtelvG3s:zReq09qIWUJuGHX+Or5iz+T

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks