Overview

overview

10

Static

static

3

ff8069e9df...18.exe

windows7-x64

10

ff8069e9df...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff8069e9df5f033f25ed3cae4c44d26d_JaffaCakes118

  • Size

    169KB

  • Sample

    241219-mje84s1lfl

  • MD5

    ff8069e9df5f033f25ed3cae4c44d26d

  • SHA1

    c16b25ad819057d8c7d6e1aafb9b00506cd32fe0

  • SHA256

    bb81c43ac789ba1ff6323f2ae93c619012de472adcadb255e139d277acec0d78

  • SHA512

    b50c454980208fbce74b7a8d085ecbb59d83f90b0556dc1d328d9df186a1c2631c4a8fd3b0afb616a7cb0f11801acf784e384fea89ba82fce7b8a774fc7122f8

  • SSDEEP

    3072:qlnLPV0bgNVZ7lZimggJ57lyrEquWN5tQ57ziAx5ClB:qlh0MimB5IELSGOw

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      ff8069e9df5f033f25ed3cae4c44d26d_JaffaCakes118

    • Size

      169KB

    • MD5

      ff8069e9df5f033f25ed3cae4c44d26d

    • SHA1

      c16b25ad819057d8c7d6e1aafb9b00506cd32fe0

    • SHA256

      bb81c43ac789ba1ff6323f2ae93c619012de472adcadb255e139d277acec0d78

    • SHA512

      b50c454980208fbce74b7a8d085ecbb59d83f90b0556dc1d328d9df186a1c2631c4a8fd3b0afb616a7cb0f11801acf784e384fea89ba82fce7b8a774fc7122f8

    • SSDEEP

      3072:qlnLPV0bgNVZ7lZimggJ57lyrEquWN5tQ57ziAx5ClB:qlh0MimB5IELSGOw

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks