Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
24-01-2025 20:25
General
-
Target
JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exe
-
Size
165KB
-
MD5
2523464fb225cad5bfec48c4a53c5bd3
-
SHA1
bb6909667ecea674fc111ee1e4033c4db5b9ad75
-
SHA256
9b470c80e4e68217a5b3efe2e6bb3d34d988b1fcaa34105e4b7ae5b1006e4557
-
SHA512
75d21ee592b84e2d4989f142dfa78f25b2fccf862323dcb1c34c2f015e1e00fbafd6564daf81ee86ea498ffcebc4a568a87c95d8c40b799c041c6a45cce7ed75
-
SSDEEP
3072:YvSPEflpaJPK6ZNWpfTuLGTg8M86qSyUujoBVbFNpFrKvpTI:+SPEflcPjSpKLtsJjyVbFNmx
Malware Config
Signatures
-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload 6 IoCs
Cycbot is a backdoor and trojan written in C++.
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exe"1⤵
- Modifies WinLogon for persistence
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exe startC:\Program Files (x86)\LP\2A92\BE0.exe%C:\Program Files (x86)\LP\2A922⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exeC:\Users\Admin\AppData\Local\Temp\JaffaCakes118_2523464fb225cad5bfec48c4a53c5bd3.exe startC:\Program Files (x86)\23892\lvvm.exe%C:\Program Files (x86)\238922⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
996B
MD576fe05d6d116a1f34de787f259b86877
SHA1d312404bf7f0752c9cb7adcb4d6620cca4ed1075
SHA2567317d32a084785f98b330ad32fa400d5cd9145849df3b933437bf180485a393a
SHA512c8d897300ec97ca52539b7643cc5f410b23e96db23b417a56cc9579354350037969a4ba92e44b0f54bcb5fb57497d2d5b61841e55460d86eda9bf100dcd9e59a
-
Filesize
600B
MD5d8a83e0bbb24b7014370e5f0baa2c3d8
SHA17120a8cfdc76e4e3af62dad4830bb6d00d12658b
SHA25677e0adbbf39aac8945dd21403ad9a71b22435e372aa53d87f7b0dc0934376d1e
SHA5125659ade36f93bbcc1f966cd33f5eceb64d71882b1c058fee04bef68561d7e587800bdbe9d1446028ef9d086877a732970f4243f145bb886d86c13fd54e9b53b7
-
Filesize
1KB
MD5ad675d6a95892eb92832adb2d5190f8b
SHA117d4e0ea52c2865381d96671a103dded025e0289
SHA256c029a406c4e223ba7a07ebdd671f8161aa8e3c884e01f7521782fd6333f07437
SHA512fe740ee381911bf39b307c534a76c6f2efa9d23141d13185b7a5e5e439fc99b3ac53ff3bbf791072aa1ea8ec7f57da0d39abba4541ae36ef7b3bb71d150e17e8
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
568KB
-
Filesize
568KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB
-
Filesize
580KB