General

  • Target

    JaffaCakes118_73758fa615f728d11838e37a44b6518c

  • Size

    179KB

  • Sample

    250116-mfkpeswldw

  • MD5

    73758fa615f728d11838e37a44b6518c

  • SHA1

    876463c450e82fabe4ddfc382d34e478f49b5d11

  • SHA256

    71c1ecfc638f50a38a3011d6fd8940475cdcd6859f6679951a3f6fae8b3b05f3

  • SHA512

    34b58f5cd53aeff343666a62c08f5a4aa6ec6b1129ea9693b9455dacb651e68df8e51f951c52d75a640d62884614297872f4110d1d35e0d593f02acec078b88a

  • SSDEEP

    3072:dHvqg5iVTxQ1Mgi0vMiQLWB6lpwyvUy3WLG3c4GfybK:Bqgr1MgiHFpzvd3ThG

Malware Config

Targets

    • Target

      JaffaCakes118_73758fa615f728d11838e37a44b6518c

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
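The "Modifies WinLogon for persistence" signature refers to the Winlogon registry values that Windows executes at logon (commonly mapped to ATT&CK T1547.004). The following is an added example, not part of this report or of any Triage signature: it parses a `.reg` export of the Winlogon key and flags any Shell or Userinit entry that is not the stock binary, plus a Taskman value, which a default install does not have. The sample export, the baseline values and the function names are constructed for this example; the baseline assumes a stock installation under C:\Windows.

```python
import re

# Key that a practitioner would dump with:
#   reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Assumed known-good defaults for a stock install (values compared case-insensitively).
EXPECTED = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Values that are absent on a default install; their mere presence is suspicious.
NOT_EXPECTED = {"taskman"}

# Constructed sample export: Userinit has an extra entry and a Taskman value was added.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Users\\Public\\svchost.exe,"
"Taskman"="C:\\ProgramData\\update.exe"
'''


def parse_reg_export(text):
    """Parse the string values of a .reg export into {key: {value_name: data}}."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                # .reg escapes backslashes as "\\"; undo that for path comparison.
                result[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return result


def check_winlogon(values):
    """Return a list of findings for one Winlogon value dictionary."""
    findings = []
    for name, allowed in EXPECTED.items():
        data = next((v for k, v in values.items() if k.lower() == name), None)
        if data is None:
            continue
        # Shell and Userinit are comma-separated lists; every entry must be known-good.
        for entry in (e.strip().lower() for e in data.split(",") if e.strip()):
            if entry not in allowed:
                findings.append(f"{name}: unexpected entry {entry!r}")
    for k in values:
        if k.lower() in NOT_EXPECTED:
            findings.append(f"{k}: value present")
    return findings


if __name__ == "__main__":
    for finding in check_winlogon(parse_reg_export(SAMPLE_REG)[WINLOGON_KEY]):
        print(finding)
```

Exports written by `reg.exe` are UTF-16, so read a real file with `open(path, encoding="utf-16")` before passing it to `parse_reg_export`. The baseline should be adjusted to the host (for example a different system drive) before the check is used on a fleet.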

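The "UPX packed file" signature covers both stock and modified UPX. Stock UPX names its sections UPX0/UPX1 and stores a `UPX!` marker in its header; modified builds often rename the sections and may also patch the marker, which is why a section-name check alone is weak. The following is an added example, not code from this report or from the UPX project: it builds a minimal PE in memory (constructed test input, not a real sample), walks the section table and reports which UPX indicators are present. The helper names are assumptions for this example.

```python
import struct

SECTION_HEADER_SIZE = 40   # IMAGE_SECTION_HEADER
COFF_HEADER_SIZE = 20      # IMAGE_FILE_HEADER


def build_pe(section_names, extra=b""):
    """Construct a minimal, non-executable PE image (test input only)."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    opt_size = 0xE0  # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\x00" * (opt_size - 2)  # PE32 magic 0x10b, rest zeroed
    sections = b""
    for name in section_names:
        sections += name.encode().ljust(8, b"\x00")[:8]
        sections += struct.pack("<IIIIIIHHI", 0x1000, 0x1000, 0x200, 0x400, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\x00\x00" + coff + opt + sections + extra


def section_names(data):
    """Return the section names of a PE file, parsed from the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    first = coff + COFF_HEADER_SIZE + opt_size
    names = []
    for i in range(nsect):
        off = first + i * SECTION_HEADER_SIZE
        names.append(data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace"))
    return names


def detect_upx(data):
    """Return the UPX indicators found: section names, the UPX! marker, or neither."""
    hits = []
    if any(n.startswith("UPX") for n in section_names(data)):
        hits.append("upx_section_names")
    if b"UPX!" in data:
        hits.append("upx_magic")
    return hits


if __name__ == "__main__":
    print(detect_upx(build_pe(["UPX0", "UPX1", ".rsrc"], extra=b"UPX!")))  # stock UPX
    print(detect_upx(build_pe([".text", ".data"], extra=b"UPX!")))         # renamed sections
    print(detect_upx(build_pe([".text", ".data"])))                        # no indicator
```

When only `upx_magic` fires, `upx -d` will usually still unpack the file; when neither fires on a sample that a sandbox still flags as UPX, the packer header has been patched and the sample has to be dumped from memory instead.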
MITRE ATT&CK Enterprise v15

Tasks