cycbot | e2e7bce386f2757a9dfec329a94869469866c9ad8e198dcee6ce12412ba8e6a7 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...09.exe

windows7-x64

JaffaCakes...09.exe

windows10-2004-x64

3

Sharing

General

Target

JaffaCakes118_6b02f81c2c1681708d13a8dd362cc809
Size

182KB
Sample

250131-rm9pcazmgl
MD5

6b02f81c2c1681708d13a8dd362cc809
SHA1

68e1a4cdcddb5b8d1bda38ac5829cc59aa7dc52f
SHA256

e2e7bce386f2757a9dfec329a94869469866c9ad8e198dcee6ce12412ba8e6a7
SHA512

39965f59e5d9bdeb723b7772d0074fbfe11d05b3469667864bc42dc65ddcf77216313ddde1c95dd7bb7ce6f2d12d1a0646092ac8cf972f91c9543382726a9be6
SSDEEP

3072:3gjcHBfqaePyO1vEwgIsoRziN9KEDCARg5bq6K/qqgS2f:3k6VNePyTwvTON9KEG5cqqgSO

Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6b02f81c2c1681708d13a8dd362cc809.exe

Resource

win7-20241010-en

cycbot backdoor discovery persistence rat spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6b02f81c2c1681708d13a8dd362cc809.exe

Resource

win10v2004-20250129-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_6b02f81c2c1681708d13a8dd362cc809
- Size
  
  182KB
- MD5
  
  6b02f81c2c1681708d13a8dd362cc809
- SHA1
  
  68e1a4cdcddb5b8d1bda38ac5829cc59aa7dc52f
- SHA256
  
  e2e7bce386f2757a9dfec329a94869469866c9ad8e198dcee6ce12412ba8e6a7
- SHA512
  
  39965f59e5d9bdeb723b7772d0074fbfe11d05b3469667864bc42dc65ddcf77216313ddde1c95dd7bb7ce6f2d12d1a0646092ac8cf972f91c9543382726a9be6
- SSDEEP
  
  3072:3gjcHBfqaePyO1vEwgIsoRziN9KEDCARg5bq6K/qqgS2f:3k6VNePyTwvTON9KEG5cqqgSO
Score

10^/10

cycbot backdoor discovery persistence rat spyware stealer upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Modifies WinLogon for persistence
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cycbotbackdoordiscoverypersistenceratspywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy