Overview

overview

10

Static

static

3

JaffaCakes...4a.exe

windows7-x64

10

JaffaCakes...4a.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_de4e93e1c22b1ac0e5fe50d75c73e54a

  • Size

    164KB

  • Sample

    250120-gsdhzsvnel

  • MD5

    de4e93e1c22b1ac0e5fe50d75c73e54a

  • SHA1

    2633376756c6e421cd3c56c8f7017912e800bc9d

  • SHA256

    10efd8dcd7eef8fa3b9bafc967afefd48aee62ec5a17e289d897e032b38a5649

  • SHA512

    d9784510bdc376a21a1dd11f069b80ec063c123c0e22c59d65d685c13bc40f681049acd4371eb313651b3e41e3aebe16afc8eb4f281f66472b8cbf5de31cf6f6

  • SSDEEP

    3072:0chVeVc6NO7cpaAVStEWhCPYTvo3PYh3rg8/P1z/FVL:0KrEO7cpiVhjTvogsmP9

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_de4e93e1c22b1ac0e5fe50d75c73e54a

    • Size

      164KB

    • MD5

      de4e93e1c22b1ac0e5fe50d75c73e54a

    • SHA1

      2633376756c6e421cd3c56c8f7017912e800bc9d

    • SHA256

      10efd8dcd7eef8fa3b9bafc967afefd48aee62ec5a17e289d897e032b38a5649

    • SHA512

      d9784510bdc376a21a1dd11f069b80ec063c123c0e22c59d65d685c13bc40f681049acd4371eb313651b3e41e3aebe16afc8eb4f281f66472b8cbf5de31cf6f6

    • SSDEEP

      3072:0chVeVc6NO7cpaAVStEWhCPYTvo3PYh3rg8/P1z/FVL:0KrEO7cpiVhjTvogsmP9

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks