Overview

overview

10

Static

static

3

JaffaCakes...73.exe

windows7-x64

10

JaffaCakes...73.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_73a169e431975e2cee9ae449f16c4073

  • Size

    167KB

  • Sample

    250201-tqrztazlhy

  • MD5

    73a169e431975e2cee9ae449f16c4073

  • SHA1

    6d26afcd2cc020b032a43f8d2d8f1d2afc32621a

  • SHA256

    11b760b5d247727aeb2c6bb5596cf2127e9702fc800bcac6f211aa915849c2ac

  • SHA512

    594809de401e2e5e2274d16a3055f2d67973578577a7f33f92958a4f4de52a5da5646846e6d25b1a80ac0bef6389dd1d35010ef5571cc64fc2a0f2b8397d8baa

  • SSDEEP

    3072:QOXbTyNkYhsO1d3NTw8RgA/LqNExmHURwslnInWbUt+w/:vyNrhd1w8RDxmHURJlWWbU

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_73a169e431975e2cee9ae449f16c4073

    • Size

      167KB

    • MD5

      73a169e431975e2cee9ae449f16c4073

    • SHA1

      6d26afcd2cc020b032a43f8d2d8f1d2afc32621a

    • SHA256

      11b760b5d247727aeb2c6bb5596cf2127e9702fc800bcac6f211aa915849c2ac

    • SHA512

      594809de401e2e5e2274d16a3055f2d67973578577a7f33f92958a4f4de52a5da5646846e6d25b1a80ac0bef6389dd1d35010ef5571cc64fc2a0f2b8397d8baa

    • SSDEEP

      3072:QOXbTyNkYhsO1d3NTw8RgA/LqNExmHURwslnInWbUt+w/:vyNrhd1w8RDxmHURJlWWbU

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks