General

  • Target

    JaffaCakes118_d118cc82a7e8f3d9ba4c3f1378dc9f89

  • Size

    165KB

  • Sample

    250119-yb7tyasmhx

  • MD5

    d118cc82a7e8f3d9ba4c3f1378dc9f89

  • SHA1

    8fef4391e3fe581385770f9953dd0f9645be6276

  • SHA256

    2acfabd0596bc5f1737386469edc089c6ca2bc3e7e3224f1e886cf60a06ce1d5

  • SHA512

    b285397f5f913312d8a27fbe2b1ff2d404f2b451b9657a984df0d769a9713749d8436fef0821083b2a774dc9eb3ed6a266fcd10f1a96d8213b2ab9c580a869fb

  • SSDEEP

    3072:kf9yV1T5nif72ATCN/4TqgHydlmOE09U+2+oho/NfB3lioze+:kf9IifCkELjvmN09U+HohGNftz

Targets

    • Target

      JaffaCakes118_d118cc82a7e8f3d9ba4c3f1378dc9f89

    • Cycbot

      Cycbot is a backdoor and trojan written in C++.

    • Cycbot family

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
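
The "Modifies WinLogon for persistence" signature refers to the Shell and Userinit values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, which Windows runs at logon; malware appends its own path there (or replaces the value outright). The following is an added triage example, not code from the report or from the sandbox: it parses a .reg export of that key and lists any entry that is not the stock explorer.exe / userinit.exe. The registry exports and the paths in them are constructed for the example and are not from this sample.

```python
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# What a clean install holds. Userinit normally carries a trailing comma and the
# drive letter/case may vary, so comparison is per comma-separated entry, case-insensitive.
EXPECTED = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"C:\Windows\system32\userinit.exe"],
}


def parse_reg_export(text: str) -> dict:
    """Minimal parser for the [key] and "name"="string" lines of a .reg export.
    Non-string values (dword:, hex:) are skipped."""
    keys, current = {}, None
    pattern = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = pattern.match(line)
            if m:
                # Undo the .reg escapes (doubled backslash, backslash-quote).
                name, value = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                keys[current][name] = value
    return keys


def split_entries(value: str) -> list:
    """Shell and Userinit are comma-separated lists; the trailing comma yields a blank entry."""
    return [e.strip() for e in value.split(",") if e.strip()]


def winlogon_findings(reg_text: str) -> list:
    """Return [(value_name, [unexpected entries])] for Shell/Userinit entries that are
    not the stock ones. Both a replaced value and an appended entry are reported."""
    values = parse_reg_export(reg_text).get(WINLOGON_KEY, {})
    findings = []
    for name, expected in EXPECTED.items():
        if name not in values:
            continue
        allowed = {x.lower() for x in expected}
        extra = [e for e in split_entries(values[name]) if e.lower() not in allowed]
        if extra:
            findings.append((name, extra))
    return findings


# Constructed .reg exports for the example (hypothetical paths, not from the report).
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"AutoRestartShell"=dword:00000001
'''

TAMPERED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\Public\\svchost.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\ProgramData\\update.exe"
"AutoRestartShell"=dword:00000001
'''

if __name__ == "__main__":
    print("clean:", winlogon_findings(CLEAN_REG))
    print("tampered:", winlogon_findings(TAMPERED_REG))
```

On a live host the same check can be fed from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`; the comparison is deliberately per entry rather than whole-string so that a benign drive letter or case difference does not hide an appended path.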

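The "UPX packed file" signature covers stock UPX and modified builds of it. Stock UPX is easy to spot from its section names (UPX0, UPX1, sometimes UPX2), but a modified packer can rename them, which is why the layout itself is the more durable signal: an empty first section reserved for the unpacked image, followed by a high-entropy section holding the compressed payload. The following is an added example, not code from the report or from UPX: it parses the PE section table directly and applies both checks. The three PE images it examines are built in memory for the example and are not the sample on this page.

```python
import math
import random
import struct

# Section names the stock UPX packer writes; a modified UPX build may rename them,
# so the empty-first-section + high-entropy heuristic is the second signal.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; compressed or encrypted data sits near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe: bytes):
    """Yield (name, VirtualSize, SizeOfRawData, raw bytes) from the PE section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        vsize, _va, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        yield name, vsize, rsize, pe[rptr:rptr + rsize]


def upx_indicators(pe: bytes, entropy_threshold: float = 7.0) -> dict:
    """Flag UPX-style packing by section name or by the UPX layout (empty first
    section with non-zero VirtualSize, then a high-entropy section)."""
    names, high_entropy, empty_first = [], [], False
    for idx, (name, vsize, rsize, raw) in enumerate(pe_sections(pe)):
        names.append(name)
        if idx == 0 and rsize == 0 and vsize > 0:
            empty_first = True
        if rsize and shannon_entropy(raw) >= entropy_threshold:
            high_entropy.append(name)
    by_name = [n for n in names if n in UPX_SECTION_NAMES]
    return {
        "upx_section_names": by_name,
        "empty_first_section": empty_first,
        "high_entropy_sections": high_entropy,
        "likely_upx": bool(by_name) or (empty_first and bool(high_entropy)),
    }


def build_sample_pe(section_specs) -> bytes:
    """Constructed minimal PE32 (hypothetical, not a real binary): just enough header
    to exercise the parser. section_specs: [(name, VirtualSize, raw_bytes)]."""
    opt_size, e_lfanew = 0xE0, 0x40
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * len(section_specs)
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # file alignment 0x200
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    table, body, ptr = b"", b"", raw_ptr
    for name, vsize, raw in section_specs:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    return (dos + b"PE\0\0" + coff + opt + table).ljust(raw_ptr, b"\0") + body


def stock_upx_sample() -> bytes:
    return build_sample_pe([
        (b"UPX0", 0x8000, b""),                                # reserved, 0 bytes on disk
        (b"UPX1", 0x3000, random.Random(7).randbytes(4096)),  # stands in for compressed payload
        (b".rsrc", 0x1000, b"\0" * 512),
    ])


def renamed_upx_sample() -> bytes:
    # Same layout with the section names scrubbed, as a modified UPX build might leave it.
    return build_sample_pe([
        (b".text", 0x8000, b""),
        (b".data", 0x3000, random.Random(7).randbytes(4096)),
    ])


def unpacked_sample() -> bytes:
    return build_sample_pe([
        (b".text", 0x2000, b"\x55\x8b\xec\x83\xec\x10" * 300),  # repetitive code bytes, low entropy
        (b".data", 0x1000, b"A" * 1024),
    ])


if __name__ == "__main__":
    for label, sample in (("stock", stock_upx_sample()), ("renamed", renamed_upx_sample()),
                          ("unpacked", unpacked_sample())):
        print(label, upx_indicators(sample))
```

The entropy threshold is a heuristic: a legitimate binary with embedded compressed resources can also score above 7.0, so the layout and name checks are combined rather than relying on entropy alone. To run it on a real file, pass `open(path, "rb").read()` to `upx_indicators`.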
MITRE ATT&CK Enterprise v15