Overview

overview

10

Static

static

3

JaffaCakes...9a.exe

windows7-x64

10

JaffaCakes...9a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5b9142d6316eb42620f9c0a51d58e99a

  • Size

    177KB

  • Sample

    250115-tfpfyaxmdt

  • MD5

    5b9142d6316eb42620f9c0a51d58e99a

  • SHA1

    419d6d02b650d0a57b5c3a37a4abb7c6553c1363

  • SHA256

    2e07ec34fa646659226d4b004bdadc0da6f462e8d69cb88607b157b52cc32d6d

  • SHA512

    76c7996aa7f5219423da232c862586a311c106fd7f76b392bf1fd12e683417592feeb5262ec45be39bdff6d515bf579678c5cb800fa483549876f3dbd20436c8

  • SSDEEP

    3072:tRHpQhbq6/CQuMOEg2Iuqvrr4RP09xZX787esJoOErMDHqD9jh1:tRHq46qQ52uqvAR0z5Ie4y4+Dp

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_5b9142d6316eb42620f9c0a51d58e99a

    • Size

      177KB

    • MD5

      5b9142d6316eb42620f9c0a51d58e99a

    • SHA1

      419d6d02b650d0a57b5c3a37a4abb7c6553c1363

    • SHA256

      2e07ec34fa646659226d4b004bdadc0da6f462e8d69cb88607b157b52cc32d6d

    • SHA512

      76c7996aa7f5219423da232c862586a311c106fd7f76b392bf1fd12e683417592feeb5262ec45be39bdff6d515bf579678c5cb800fa483549876f3dbd20436c8

    • SSDEEP

      3072:tRHpQhbq6/CQuMOEg2Iuqvrr4RP09xZX787esJoOErMDHqD9jh1:tRHq46qQ52uqvAR0z5Ie4y4+Dp

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks