Overview

overview

10

Static

static

3

fd3fa6e12f...18.exe

windows7-x64

10

fd3fa6e12f...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd3fa6e12fe9133773313ba9f08cbab2_JaffaCakes118

  • Size

    171KB

  • Sample

    241218-1np6rstngk

  • MD5

    fd3fa6e12fe9133773313ba9f08cbab2

  • SHA1

    75f336a7244aa3acf38201c4496d427fb750e8d7

  • SHA256

    b2a0dc27945f178122b79c2afad14e4fe4a3232741703165e3a7ece31d4daebe

  • SHA512

    271a98333e439cbacefd5ba994687d6616ff76ad27e2f0d156486733e79f4b20c41b04c1400e29a82fe9f09d60b94d570e71011a809cd46e391147b83773229b

  • SSDEEP

    3072:QlAWWSspBqzrJUqnd/HY9JGQ11Or1qKAfdokTK/OF/kltwI7:vfbCrbnlaJDi1M5TdebwI

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      fd3fa6e12fe9133773313ba9f08cbab2_JaffaCakes118

    • Size

      171KB

    • MD5

      fd3fa6e12fe9133773313ba9f08cbab2

    • SHA1

      75f336a7244aa3acf38201c4496d427fb750e8d7

    • SHA256

      b2a0dc27945f178122b79c2afad14e4fe4a3232741703165e3a7ece31d4daebe

    • SHA512

      271a98333e439cbacefd5ba994687d6616ff76ad27e2f0d156486733e79f4b20c41b04c1400e29a82fe9f09d60b94d570e71011a809cd46e391147b83773229b

    • SSDEEP

      3072:QlAWWSspBqzrJUqnd/HY9JGQ11Or1qKAfdokTK/OF/kltwI7:vfbCrbnlaJDi1M5TdebwI

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks