Overview

overview

10

Static

static

3

f502eef7ce...18.exe

windows7-x64

10

f502eef7ce...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118

  • Size

    167KB

  • Sample

    241215-v1798a1lez

  • MD5

    f502eef7ce2c0ea0f307511cbf71522b

  • SHA1

    b0b8066f19911657405038497b5b917fda94d0f9

  • SHA256

    bd68874a269bc8bc1d288363fe8fa5c8eabed3c68c559881250d75714e9e2dc2

  • SHA512

    e61c82e2fcb9657e5a76277c4979d767bb5f10829fffb21d008a093774e2fedfb53f9bf894521bfc2900d42265c49cc553a4f7543185f78dfdc661cd81f7d5eb

  • SSDEEP

    3072:qZDtpSLETxfdEH3qxyXSGMCa6IXWThRsZz6K/Hqm0v:kWCfdAqxyiGMBGhRtgHJm

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      f502eef7ce2c0ea0f307511cbf71522b_JaffaCakes118

    • Size

      167KB

    • MD5

      f502eef7ce2c0ea0f307511cbf71522b

    • SHA1

      b0b8066f19911657405038497b5b917fda94d0f9

    • SHA256

      bd68874a269bc8bc1d288363fe8fa5c8eabed3c68c559881250d75714e9e2dc2

    • SHA512

      e61c82e2fcb9657e5a76277c4979d767bb5f10829fffb21d008a093774e2fedfb53f9bf894521bfc2900d42265c49cc553a4f7543185f78dfdc661cd81f7d5eb

    • SSDEEP

      3072:qZDtpSLETxfdEH3qxyXSGMCa6IXWThRsZz6K/Hqm0v:kWCfdAqxyiGMBGhRtgHJm

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks