Overview

overview

10

Static

static

3

JaffaCakes...04.exe

windows7-x64

10

JaffaCakes...04.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_7f52f796ddf5cdd2a86d2d036fc70304

  • Size

    200KB

  • Sample

    250116-xnjr7svmal

  • MD5

    7f52f796ddf5cdd2a86d2d036fc70304

  • SHA1

    06f73ff2fc2df4d78a1c17831c350183773f8299

  • SHA256

    691500c0c35428fc9129a6fa731ff04be50e07091bc1e5141533e6b68760d2b3

  • SHA512

    06f0c9c4ec89f491e18421efc108b9989fee93eaa1927ca00337f0fb454042a0f54841b98c7f64bcb21ac3f4bbe9234ca4473c9f9b909cd6f0a4ace94c2c6ee4

  • SSDEEP

    6144:18YTDg9t8RNT8e553ilqkSraOp8ClrtxSqrD:1s9t8TpeDJO7lRQk

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_7f52f796ddf5cdd2a86d2d036fc70304

    • Size

      200KB

    • MD5

      7f52f796ddf5cdd2a86d2d036fc70304

    • SHA1

      06f73ff2fc2df4d78a1c17831c350183773f8299

    • SHA256

      691500c0c35428fc9129a6fa731ff04be50e07091bc1e5141533e6b68760d2b3

    • SHA512

      06f0c9c4ec89f491e18421efc108b9989fee93eaa1927ca00337f0fb454042a0f54841b98c7f64bcb21ac3f4bbe9234ca4473c9f9b909cd6f0a4ace94c2c6ee4

    • SSDEEP

      6144:18YTDg9t8RNT8e553ilqkSraOp8ClrtxSqrD:1s9t8TpeDJO7lRQk

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks