Analysis
-
max time kernel
140s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
12-01-2025 12:53
General
-
Target
JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exe
-
Size
188KB
-
MD5
0f1338e1991adc7f282be7b9bf1ff834
-
SHA1
1f10d0ffbe9ae4e312d7e0b435aeb4a04fd70efc
-
SHA256
19e9e59ba2f284bc7df20c817e539b04bd76883ea85c7635b5f0bf3b35a2761b
-
SHA512
792962ab530720226285324a09db8712a41a6dfbd47c0ff28a672f9ff70bd8ca764a3737033f32d809127282a44dcbd58f785fa4b58e2d278d293a45138fe5bf
-
SSDEEP
3072:bjNiyF5DyhIFYdZrmM4n1XvudI1V+6rdj7xE3GSo3ln+xRf2RKoUY6u//Y7KoO:XNikFyCFYdgM3dIBr5i2Sa5KQAt
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 5 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 7 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exe startC:\Program Files (x86)\LP\0FD5\B11.exe%C:\Program Files (x86)\LP\0FD52⤵
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_0f1338e1991adc7f282be7b9bf1ff834.exe startC:\Users\Admin\AppData\Roaming\50F9E\BE40F.exe%C:\Users\Admin\AppData\Roaming\50F9E2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
996B
MD551fa23a351ef78858e704aacffa33134
SHA1b45fa055ed0b0312413c1bab9be528dc26d4ff39
SHA2569a0f6fe761f9df8cdf8a096d5ebefa3bc67e6dd3764e91ddcb1363d281ce5d5d
SHA5124c02b53c88e9095623aaa4287441ca07bb11a9d844fff1acb05bde073347085bd5785666284afa86ab3e062f40f3dcccde8ef9e3eb4dba53bc6cdceeb0d59e8e
-
Filesize
600B
MD5ca5012eb32f98a0f447528fd11213205
SHA1064c1b027b0691448dba9a71c8c51478a4f77cf1
SHA256008a58bd97bbc5e858402e632bc92df4ee4fcb8f7b09bc1a838eb8ed3a2dffac
SHA512d75080e3c54d0c080e28e9d6fc9d110016c26d96eb53743f5266f34b8ee8bf0eda9d530b1994b0a366e863e8eb43d116143ca807b640eacb37efd2d32815d489
-
Filesize
1KB
MD5549d5a214a8d6e2815ee2281e71a9760
SHA1f04ba7f3a5a057d1db1f84bfa36e98eb1eef9788
SHA2568d85aab8c93bfc16182daa43f8556854ce614f869c23fd8a61a874888a97f75a
SHA512c70b2ee46324f85d6837bb984257dc22713f958a18b18ef5fa7e324ab6e8f10fd1302cd7688fee4c16d020d61d77a655f306fe0b80776c5ff6aed4493abae78b
-
Filesize
328KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
328KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB
-
Filesize
340KB