General

  • Target

    JaffaCakes118_98371e807425a7344432b08125335874

  • Size

    209KB

  • Sample

    250117-1rgzkatphs

  • MD5

    98371e807425a7344432b08125335874

  • SHA1

    c42a4a7c62a5507ff88ada4e95999c5fb49a579a

  • SHA256

    4bda2a432c5282559d6f4f59e1886ddd2620468a2187af0511b00b9633f54d56

  • SHA512

    f75aacb53b3868ee588d9a339488141a21b523700387c325554fbc6c368bf8fc51947b7e4b932340526c093aa28a859c7f4fa394023f304ba7fd589016415a7e

  • SSDEEP

    3072:Aaq5ctoD15rgZjOM00Ez1OfXXxGNrFqqmstTTKd9VxYBv+nHdNN/gLNxuOsv:A55Oa15reXCOfXoNgqmstT0GO9NI3

Malware Config

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks