General

  • Target

    JaffaCakes118_cc057435f5a25bec114741f02a8c24da

  • Size

    163KB

  • Sample

    250119-tagtxatrds

  • MD5

    cc057435f5a25bec114741f02a8c24da

  • SHA1

    a7c84e173335eb0e8f89826458ad0fc5ab61cc75

  • SHA256

    4c7a1967c3f4ba21bd3655d531f1d784acefd8b53f2770117aa1ef2de317ccae

  • SHA512

    0d77d10dd81508441be569f56da3e8fc8cfe6a80ab878a706ee183796fc8bd802acc91132817589b9454e81d91adbdd8f6da174f0ce2c53acf91d431679ed761

  • SSDEEP

    3072:0Qog6Qwbn+dgeaAFmjuCIARGCZJmBSoeElVVvCbPytMIs57n:Fsrbn+dgywRIAfHqZHlDv2pIu7

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
