Overview

overview

10

Static

static

3

JaffaCakes...40.exe

windows7-x64

10

JaffaCakes...40.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7892fac82ab62b2b006373ff7db24c40

  • Size

    174KB

  • Sample

    250116-rcc8dsvkcl

  • MD5

    7892fac82ab62b2b006373ff7db24c40

  • SHA1

    8c5a0b0506d6dcf9b3ab5fb6822f217167365079

  • SHA256

    1150039148fb937a29d6bb7124163316af05121698c371ee484830365fa2a5f2

  • SHA512

    e882b2b39f5c9a4c3a31081235bbe1f3375b14b91a98ed369ee4845c411163140e3e2906add14946a05e2eac1d7d7ba9e00fcc228781b7d36fc3314c1d0e7f03

  • SSDEEP

    3072:8pRtjHU0Kgvu3BPbBniNxZYotlCSo9TyhW4ViLFWbVs5BJhUcge:SzHU0KgvSBPkaTnFWbVqzhUcT

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_7892fac82ab62b2b006373ff7db24c40

    • Size

      174KB

    • MD5

      7892fac82ab62b2b006373ff7db24c40

    • SHA1

      8c5a0b0506d6dcf9b3ab5fb6822f217167365079

    • SHA256

      1150039148fb937a29d6bb7124163316af05121698c371ee484830365fa2a5f2

    • SHA512

      e882b2b39f5c9a4c3a31081235bbe1f3375b14b91a98ed369ee4845c411163140e3e2906add14946a05e2eac1d7d7ba9e00fcc228781b7d36fc3314c1d0e7f03

    • SSDEEP

      3072:8pRtjHU0Kgvu3BPbBniNxZYotlCSo9TyhW4ViLFWbVs5BJhUcge:SzHU0KgvSBPkaTnFWbVqzhUcT

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks