Overview

overview

10

Static

static

3

JaffaCakes...64.exe

windows7-x64

10

JaffaCakes...64.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_63a64fab1dcd6d59778659d433304664

  • Size

    175KB

  • Sample

    250102-js5ctavker

  • MD5

    63a64fab1dcd6d59778659d433304664

  • SHA1

    e7db1b5fc5cbc531dbc19fc18082a77ef04a8fbe

  • SHA256

    c7374243439e3c3c8255d16edc4b4bc88d58ce41852b8fc231410d30443093c6

  • SHA512

    a5148019a28e1fdec192bfc0c48242a98c86065ef814f9afaba67ba103c1443b633416c2f24d03067665297a60e6702298b94abe440d681119dc7656da25dc88

  • SSDEEP

    3072:eyhMAEU+IpLrMRWZnXGadK6PeYpNkpLPqeKP4Hgtr4LcSu0iSjqUU1:eSCURauGUFUcSu0iSC

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_63a64fab1dcd6d59778659d433304664

    • Size

      175KB

    • MD5

      63a64fab1dcd6d59778659d433304664

    • SHA1

      e7db1b5fc5cbc531dbc19fc18082a77ef04a8fbe

    • SHA256

      c7374243439e3c3c8255d16edc4b4bc88d58ce41852b8fc231410d30443093c6

    • SHA512

      a5148019a28e1fdec192bfc0c48242a98c86065ef814f9afaba67ba103c1443b633416c2f24d03067665297a60e6702298b94abe440d681119dc7656da25dc88

    • SSDEEP

      3072:eyhMAEU+IpLrMRWZnXGadK6PeYpNkpLPqeKP4Hgtr4LcSu0iSjqUU1:eSCURauGUFUcSu0iSC

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks