Overview

overview

10

Static

static

3

JaffaCakes...fd.exe

windows7-x64

10

JaffaCakes...fd.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6efcafcd67f55f3f028f75f5880e40fd

  • Size

    154KB

  • Sample

    250103-x6b53szjay

  • MD5

    6efcafcd67f55f3f028f75f5880e40fd

  • SHA1

    ba639084abdda305a301e0b7613f67acafe49ad2

  • SHA256

    ff3a0792954dbbadbb8df68756c26d8e981bb6332f6d41100d1342d4f43e2a9e

  • SHA512

    9280625befabc6c58e4a8a531229d4d981007bcad3969d5df93f4b3f75cd4740b8d0e307623d610aa82f523fe156ab28bfac1eecc307c92f2c45058fd5876ae5

  • SSDEEP

    3072:magHBId31S6RmJNZVkcqnzpKTwBstNh46Ne1:mageFNREvV+FKTDv4+e1

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_6efcafcd67f55f3f028f75f5880e40fd

    • Size

      154KB

    • MD5

      6efcafcd67f55f3f028f75f5880e40fd

    • SHA1

      ba639084abdda305a301e0b7613f67acafe49ad2

    • SHA256

      ff3a0792954dbbadbb8df68756c26d8e981bb6332f6d41100d1342d4f43e2a9e

    • SHA512

      9280625befabc6c58e4a8a531229d4d981007bcad3969d5df93f4b3f75cd4740b8d0e307623d610aa82f523fe156ab28bfac1eecc307c92f2c45058fd5876ae5

    • SSDEEP

      3072:magHBId31S6RmJNZVkcqnzpKTwBstNh46Ne1:mageFNREvV+FKTDv4+e1

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks