Overview

overview

10

Static

static

3

JaffaCakes...f7.exe

windows7-x64

10

JaffaCakes...f7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_101660b924b7aa18d196bd7b2b592ef7

  • Size

    170KB

  • Sample

    250122-w7nd3ayrdy

  • MD5

    101660b924b7aa18d196bd7b2b592ef7

  • SHA1

    8190d88997c291dc3b5f9638528da24b62eff647

  • SHA256

    c444be81f9a2675822afd8d3259c85f357947b3d391071ce4f627663f673e542

  • SHA512

    b1cd2fdf92146f15bf60428673fbfc7c5def61b9ae2392415c2a03748319e8aa6885dee909e6b5a0829dc358a5ddb285baa723fc98af8b5d0cd23df72c07e3cb

  • SSDEEP

    3072:AqmSLGkYoPrNdGYxfUfcl/W7UdFW6KKusTtrVKpY74CB+yAmt:1GRoPXGYxIcu7Udw6dTtrYpIL+y9

Score
10/10
cycbotbackdoordiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_101660b924b7aa18d196bd7b2b592ef7

    • Size

      170KB

    • MD5

      101660b924b7aa18d196bd7b2b592ef7

    • SHA1

      8190d88997c291dc3b5f9638528da24b62eff647

    • SHA256

      c444be81f9a2675822afd8d3259c85f357947b3d391071ce4f627663f673e542

    • SHA512

      b1cd2fdf92146f15bf60428673fbfc7c5def61b9ae2392415c2a03748319e8aa6885dee909e6b5a0829dc358a5ddb285baa723fc98af8b5d0cd23df72c07e3cb

    • SSDEEP

      3072:AqmSLGkYoPrNdGYxfUfcl/W7UdFW6KKusTtrVKpY74CB+yAmt:1GRoPXGYxIcu7Udw6dTtrYpIL+y9

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks