Overview

overview

10

Static

static

3

JaffaCakes...b0.exe

windows7-x64

10

JaffaCakes...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5630f17270525ef53fc5ccb7bd8ed3b0

  • Size

    171KB

  • Sample

    250115-n27azs1rhv

  • MD5

    5630f17270525ef53fc5ccb7bd8ed3b0

  • SHA1

    c9be2534fffd3bfdd149dcd2a124a2a4af0414b3

  • SHA256

    4cb49ad7f1e16bd5158b8abd2354d36a0bbf54e899bc9352d2d2ec6af18e10e1

  • SHA512

    22f153a68dec983d823ee2fb8b09a51ab05e627bd1a60cfa08417b62d1d63d4f5cb65b9805ce3e38b11c8f5546e1355ac3959f4d8afd64ac29375f8a1ab6bc2b

  • SSDEEP

    3072:Xattpf0CgopEWhblExWboqU9NdrfqOB9kfdpdEegomTwGxlIY:ctpf0sEWhbDoN97WOnkfLCT7wC

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_5630f17270525ef53fc5ccb7bd8ed3b0

    • Size

      171KB

    • MD5

      5630f17270525ef53fc5ccb7bd8ed3b0

    • SHA1

      c9be2534fffd3bfdd149dcd2a124a2a4af0414b3

    • SHA256

      4cb49ad7f1e16bd5158b8abd2354d36a0bbf54e899bc9352d2d2ec6af18e10e1

    • SHA512

      22f153a68dec983d823ee2fb8b09a51ab05e627bd1a60cfa08417b62d1d63d4f5cb65b9805ce3e38b11c8f5546e1355ac3959f4d8afd64ac29375f8a1ab6bc2b

    • SSDEEP

      3072:Xattpf0CgopEWhblExWboqU9NdrfqOB9kfdpdEegomTwGxlIY:ctpf0sEWhbDoN97WOnkfLCT7wC

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks