General
-
Target
JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064
-
Size
176KB
-
Sample
250329-xsyrxsywds
-
MD5
93dc3c374d77f8b13427aa37c1be2064
-
SHA1
f16962644575b409f56ee76d171e9ea786884745
-
SHA256
2f9c901743c0f2ff6594dbc64acb7e767f8329c528512d9bc2e0566c2841c351
-
SHA512
ecb21e4dc9e345c08c1be53e87a1ced18b4c3b40fdda048638569cf31bd9455d89a6dfb585fff3ced7c8a21f839ff4337acebb85142881dbf772df6480dfe1ed
-
SSDEEP
3072:id62Ls2mpMC+dJB/1d+z4p2K2zh3dyjoHWc+cMywCZBMtz1nsZ0q95xSkkIMIyo:I6TAC8B/jjA1Zd/oZyHM11nNq9Cb1o
Malware Config
Targets
-
-
Target
JaffaCakes118_93dc3c374d77f8b13427aa37c1be2064
-
Size
176KB
-
MD5
93dc3c374d77f8b13427aa37c1be2064
-
SHA1
f16962644575b409f56ee76d171e9ea786884745
-
SHA256
2f9c901743c0f2ff6594dbc64acb7e767f8329c528512d9bc2e0566c2841c351
-
SHA512
ecb21e4dc9e345c08c1be53e87a1ced18b4c3b40fdda048638569cf31bd9455d89a6dfb585fff3ced7c8a21f839ff4337acebb85142881dbf772df6480dfe1ed
-
SSDEEP
3072:id62Ls2mpMC+dJB/1d+z4p2K2zh3dyjoHWc+cMywCZBMtz1nsZ0q95xSkkIMIyo:I6TAC8B/jjA1Zd/oZyHM11nNq9Cb1o
Score10/10-
Cycbot
Cycbot is a backdoor and trojan written in C++..
-
Cycbot family
-
Detects Cycbot payload
Cycbot is a backdoor and trojan written in C++.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1