Overview

overview

10

Static

static

3

JaffaCakes...67.exe

windows7-x64

10

JaffaCakes...67.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7266056e25fe8b7dbb52e5fbb0c22f67

  • Size

    169KB

  • Sample

    250116-lnkhystrat

  • MD5

    7266056e25fe8b7dbb52e5fbb0c22f67

  • SHA1

    7614c024f3476c1dccf37516f632fcc63653a1df

  • SHA256

    1f49328e7a617685196b1495c6e650f5c86f26e66cf8f896ce45ddf4da5a6ff0

  • SHA512

    554734d9ddef4594d4d1a7407d3a34484b91f5a0faa47e3f893eb7e3b0031434caf8f46c5a73bcb487608da8e9537a2560c15cc995f1d6b745a0090ecf21643b

  • SSDEEP

    3072:fpPSxw5COty1PDRwNQsTFpOdy4MlFZjRWLlq3OE1/Mrr8NLc:fp0htTgQogs4MpRWYOE12r8

Score
10/10
cycbotbackdoordiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_7266056e25fe8b7dbb52e5fbb0c22f67

    • Size

      169KB

    • MD5

      7266056e25fe8b7dbb52e5fbb0c22f67

    • SHA1

      7614c024f3476c1dccf37516f632fcc63653a1df

    • SHA256

      1f49328e7a617685196b1495c6e650f5c86f26e66cf8f896ce45ddf4da5a6ff0

    • SHA512

      554734d9ddef4594d4d1a7407d3a34484b91f5a0faa47e3f893eb7e3b0031434caf8f46c5a73bcb487608da8e9537a2560c15cc995f1d6b745a0090ecf21643b

    • SSDEEP

      3072:fpPSxw5COty1PDRwNQsTFpOdy4MlFZjRWLlq3OE1/Mrr8NLc:fp0htTgQogs4MpRWYOE12r8

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks