Overview

overview

10

Static

static

3

JaffaCakes...4c.exe

windows7-x64

10

JaffaCakes...4c.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_36fadc910204602ee4c8a945d6825f4c

  • Size

    201KB

  • Sample

    250126-tclwmsxjan

  • MD5

    36fadc910204602ee4c8a945d6825f4c

  • SHA1

    a11a6c5ab03ae7ccfcdab3b4c5ccc1175d32bfbd

  • SHA256

    e0ff5bfd69dc661be829cab2ba8fff806a09708b4267bf07849d88032634898b

  • SHA512

    3ae0045d3ee6cf28b0720f2b4e50903d9d30a48e3f80c9f45585b69c2388290473fd1cb88330e3aaaa5dad23916988aed43a135497aa275d7a8bb3f51b3c27c4

  • SSDEEP

    3072:jOp7TdGZgtjChOji8k+pDCX1AahsJLWaRGnrit0XxWWWLGuA9lf:yp74CRUPH0bMJoIj

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_36fadc910204602ee4c8a945d6825f4c

    • Size

      201KB

    • MD5

      36fadc910204602ee4c8a945d6825f4c

    • SHA1

      a11a6c5ab03ae7ccfcdab3b4c5ccc1175d32bfbd

    • SHA256

      e0ff5bfd69dc661be829cab2ba8fff806a09708b4267bf07849d88032634898b

    • SHA512

      3ae0045d3ee6cf28b0720f2b4e50903d9d30a48e3f80c9f45585b69c2388290473fd1cb88330e3aaaa5dad23916988aed43a135497aa275d7a8bb3f51b3c27c4

    • SSDEEP

      3072:jOp7TdGZgtjChOji8k+pDCX1AahsJLWaRGnrit0XxWWWLGuA9lf:yp74CRUPH0bMJoIj

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks