cycbot | 12c681c995df3ee0ebfa932a476a813e3d76ea6c67a564b09700431eae28cc38 | Triage

Submit
Reports

Overview

overview

Static

static

3

f9194b7e3c...18.exe

windows7-x64

f9194b7e3c...18.exe

windows10-2004-x64

Sharing

General

Target

f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118
Size

172KB
Sample

241217-2fvxqa1rfm
MD5

f9194b7e3c5e757d70512c16c6e5905c
SHA1

6dd3fba556e8c9b9671878c137c1a437b036b685
SHA256

12c681c995df3ee0ebfa932a476a813e3d76ea6c67a564b09700431eae28cc38
SHA512

516fd7035937d59690a07c28fdab8748e882dc410e62c884b76782678fc7a493c7560bf327d3f3e0a28201a5a1f05d5001555765d2c2df6df71192d84bca57b7
SSDEEP

3072:97p4RD9L54Gj+Zz/RKQq3niuwI0UD1U4w7ejvTYxD/PcLJWA:RS19yxVpKQ6z1U4w8TYxzH

Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118.exe

Resource

win7-20240903-en

cycbot backdoor discovery persistence rat spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118.exe

Resource

win10v2004-20241007-en

cycbot backdoor discovery persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  f9194b7e3c5e757d70512c16c6e5905c_JaffaCakes118
- Size
  
  172KB
- MD5
  
  f9194b7e3c5e757d70512c16c6e5905c
- SHA1
  
  6dd3fba556e8c9b9671878c137c1a437b036b685
- SHA256
  
  12c681c995df3ee0ebfa932a476a813e3d76ea6c67a564b09700431eae28cc38
- SHA512
  
  516fd7035937d59690a07c28fdab8748e882dc410e62c884b76782678fc7a493c7560bf327d3f3e0a28201a5a1f05d5001555765d2c2df6df71192d84bca57b7
- SSDEEP
  
  3072:97p4RD9L54Gj+Zz/RKQq3niuwI0UD1U4w7ejvTYxD/PcLJWA:RS19yxVpKQ6z1U4w8TYxzH
Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cycbotbackdoordiscoverypersistenceratspywarestealerupx

behavioral2

cycbotbackdoordiscoverypersistenceratupx

© 2018-2025

Terms | Privacy