Overview

overview

10

Static

static

3

JaffaCakes...08.exe

windows7-x64

10

JaffaCakes...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08

  • Size

    165KB

  • Sample

    250118-14f8sswqas

  • MD5

    b5e0270d0b80dbfa5576d55e1d762c08

  • SHA1

    1477b9677e5b2f4a8f786dc3968e87c51ab3d141

  • SHA256

    21c1f4911cfda2b312d548a050dc4270cb9e764115746eacfa2e3d8f87daea09

  • SHA512

    6d20a9278fb1a1276ab30debaf7282ed627fed461666797a6c66e9452a5f289ce3ad9d002dd195da889ccf626194b02a0eaaaa8f3f7d87d873c97af52997645f

  • SSDEEP

    3072:Hiw0IZJ1/pFFPySAip8OfKAYwcOeZ1It+cz4dT/BazCjklBwIIyM:HKIr1hFFPbpRKEcLm+cz4YCglU

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_b5e0270d0b80dbfa5576d55e1d762c08

    • Size

      165KB

    • MD5

      b5e0270d0b80dbfa5576d55e1d762c08

    • SHA1

      1477b9677e5b2f4a8f786dc3968e87c51ab3d141

    • SHA256

      21c1f4911cfda2b312d548a050dc4270cb9e764115746eacfa2e3d8f87daea09

    • SHA512

      6d20a9278fb1a1276ab30debaf7282ed627fed461666797a6c66e9452a5f289ce3ad9d002dd195da889ccf626194b02a0eaaaa8f3f7d87d873c97af52997645f

    • SSDEEP

      3072:Hiw0IZJ1/pFFPySAip8OfKAYwcOeZ1It+cz4dT/BazCjklBwIIyM:HKIr1hFFPbpRKEcLm+cz4YCglU

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks