General

  • Target

    JaffaCakes118_7aec16a8fb5f01f89e648e335ab38cd3

  • Size

    165KB

  • Sample

    250116-s53jesxrhj

  • MD5

    7aec16a8fb5f01f89e648e335ab38cd3

  • SHA1

    ecfbdcdff8e1536413e26ac257278fd31c522c1c

  • SHA256

    1fbd2d21d2701a6b0404d9cc6a450820da3efaa28889b2978290ced398b63b82

  • SHA512

    b3348027a8fad6a22a95a63bb30f1512bcea92f79777ca14205c24d9115641415f31358fc057bee22cd98a33c8b7a25db80440d05d27b6ab97d7be1327eb29a2

  • SSDEEP

    3072:h5G2xOekJm/xV97W5OcP2kexGB+IQTca3ThqGAT5mekez5JvWXAn9F+lhw:XB7kJm/xr7W5Og+Y+QOh0w0zWXeSlhw

Malware Config

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks