Overview

overview

10

Static

static

3

JaffaCakes...e5.exe

windows7-x64

10

JaffaCakes...e5.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_747cfb60eecc5d1a99169775c0a68fe5

  • Size

    170KB

  • Sample

    250201-wm78qswkcn

  • MD5

    747cfb60eecc5d1a99169775c0a68fe5

  • SHA1

    8dee3a7ec9e415c28ff4130156917743155e4e89

  • SHA256

    d257b65ceb5cafaf948a503b4e83fcb88310d4515a22e3456d3cdefa8f8ec116

  • SHA512

    9358f7ab3cdefc6d7e15c359cdb30bbe383b7c033e771fa8f2fc1cdded1482ffe6d646362e4e09a9e7506579756f3d3a2ec99511427be01e501930772bb26e1e

  • SSDEEP

    3072:y1y3JzflKd9vce7XgpgP7/npFDb7jpfpRAeflfPyo3RpG7k09:W6J7SNwpEDDbBhqMpG7l9

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_747cfb60eecc5d1a99169775c0a68fe5

    • Size

      170KB

    • MD5

      747cfb60eecc5d1a99169775c0a68fe5

    • SHA1

      8dee3a7ec9e415c28ff4130156917743155e4e89

    • SHA256

      d257b65ceb5cafaf948a503b4e83fcb88310d4515a22e3456d3cdefa8f8ec116

    • SHA512

      9358f7ab3cdefc6d7e15c359cdb30bbe383b7c033e771fa8f2fc1cdded1482ffe6d646362e4e09a9e7506579756f3d3a2ec99511427be01e501930772bb26e1e

    • SSDEEP

      3072:y1y3JzflKd9vce7XgpgP7/npFDb7jpfpRAeflfPyo3RpG7k09:W6J7SNwpEDDbBhqMpG7l9

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks