General

  • Target

    JaffaCakes118_cf21d704a8a9ada5afa5ca8cfe55b62b

  • Size

    177KB

  • Sample

    250119-wt5q7aznen

  • MD5

    cf21d704a8a9ada5afa5ca8cfe55b62b

  • SHA1

    249c24403e4d2052b4cda24b49ed7c19fc2a68dd

  • SHA256

    2a2baf485a65c77dc036b91e7bb0972aef023d3f3597612417ca960572017c2e

  • SHA512

    f1785e1cfa3c9b574a70813d02fd09b53b9a3b3a394de61783b172315cf8ebbe0bab7e423b537c6c6d26fe49130128b7b3738461921d868a8988d2e922e31532

  • SSDEEP

    3072:MvG3FEU017rsDtYUvkzau45BUlzgzvuhayo2A4mcsJOCQZF9/o613Nb8PMZd:JP017rqmzk5kELuBAP3JziF9/3Nb8PMz

Malware Config

Targets

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks