Overview

overview

10

Static

static

3

JaffaCakes...d2.exe

windows7-x64

10

JaffaCakes...d2.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_370c4e9fb5d9cc81fb90606f89ce69d2

  • Size

    170KB

  • Sample

    250126-thcj6axkbm

  • MD5

    370c4e9fb5d9cc81fb90606f89ce69d2

  • SHA1

    4736ccb37749a4ae3706fc97e43c5e6d3107c288

  • SHA256

    9574097d7ecbe7c06ea8303500c9aee662756dbe4011b1daba9020a09b62020f

  • SHA512

    6d2de3cedc5eb25d83972a0887ca646cbc60a7a2b6faa8c1046cf2d8afacf8f0d9ec346d3b5c4aeffec9420d8de509e8718c1ceb7f7883826b078ae47525d1ae

  • SSDEEP

    3072:gKmdRkOtj+fhSgb8clWnmhaLi6FrdKCm7XRepDB4f+Wir+c0bNa:gK0JyfhBitRECIXYP4GWiic

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_370c4e9fb5d9cc81fb90606f89ce69d2

    • Size

      170KB

    • MD5

      370c4e9fb5d9cc81fb90606f89ce69d2

    • SHA1

      4736ccb37749a4ae3706fc97e43c5e6d3107c288

    • SHA256

      9574097d7ecbe7c06ea8303500c9aee662756dbe4011b1daba9020a09b62020f

    • SHA512

      6d2de3cedc5eb25d83972a0887ca646cbc60a7a2b6faa8c1046cf2d8afacf8f0d9ec346d3b5c4aeffec9420d8de509e8718c1ceb7f7883826b078ae47525d1ae

    • SSDEEP

      3072:gKmdRkOtj+fhSgb8clWnmhaLi6FrdKCm7XRepDB4f+Wir+c0bNa:gK0JyfhBitRECIXYP4GWiic

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks