Overview

overview

10

Static

static

3

JaffaCakes...72.exe

windows7-x64

10

JaffaCakes...72.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_596533af4ad3d9ca93f515486bf83572

  • Size

    166KB

  • Sample

    250129-vtwmvatpcv

  • MD5

    596533af4ad3d9ca93f515486bf83572

  • SHA1

    4d6d4d114ee7d8b2732ae420db70a37a44f67e91

  • SHA256

    c1dde5773f0c31665b1b55e67ea5e6a8e5d2572632395d57d9bb9662a1c6545a

  • SHA512

    2f69568dd915c0d826896e967baf23a2dd8b82d82116950cb38964f375b8f0c5f32c62bc685d76fd076d449fb4d2745814c6c461eaccd1c76b7c321eb01255ae

  • SSDEEP

    3072:xsKK+KQsgsoEsvwu27lFWc9LF8YApcun3V88evyu2JzTY6gX2aZlg:CiGlrlFf9LF6pcMyvyNXlyi

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_596533af4ad3d9ca93f515486bf83572

    • Size

      166KB

    • MD5

      596533af4ad3d9ca93f515486bf83572

    • SHA1

      4d6d4d114ee7d8b2732ae420db70a37a44f67e91

    • SHA256

      c1dde5773f0c31665b1b55e67ea5e6a8e5d2572632395d57d9bb9662a1c6545a

    • SHA512

      2f69568dd915c0d826896e967baf23a2dd8b82d82116950cb38964f375b8f0c5f32c62bc685d76fd076d449fb4d2745814c6c461eaccd1c76b7c321eb01255ae

    • SSDEEP

      3072:xsKK+KQsgsoEsvwu27lFWc9LF8YApcun3V88evyu2JzTY6gX2aZlg:CiGlrlFf9LF6pcMyvyNXlyi

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks