Overview

overview

10

Static

static

3

JaffaCakes...a2.exe

windows7-x64

10

JaffaCakes...a2.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_941795a65af07a349d3d9bd7bb8c77a2

  • Size

    175KB

  • Sample

    250329-xwpnes1p17

  • MD5

    941795a65af07a349d3d9bd7bb8c77a2

  • SHA1

    58aade3d1e8c5285b6a3413038a1dc039307aec8

  • SHA256

    1b06879a9c0fb6c96885cd6d78700673ec1be6e31d8ffe677b96f03846bc3f04

  • SHA512

    37719660b96caf819657146d8ff579d30bdb745db84e6a172f53704f0910198d9c61056cdec91b9f533978eb6a7b62cafe302f4013295510adad181ae8d1e6b4

  • SSDEEP

    3072:Oe1gpuU2nZCuoW/ZIZMiQLZN6BCalsJGLTeKMcUTW:OeBJZCu1/KZMvLXCfsiTkcUTW

Score
10/10
cycbotbackdoordiscoverypersistenceratspywarestealerupx

Malware Config

Targets

    • Target

      JaffaCakes118_941795a65af07a349d3d9bd7bb8c77a2

    • Size

      175KB

    • MD5

      941795a65af07a349d3d9bd7bb8c77a2

    • SHA1

      58aade3d1e8c5285b6a3413038a1dc039307aec8

    • SHA256

      1b06879a9c0fb6c96885cd6d78700673ec1be6e31d8ffe677b96f03846bc3f04

    • SHA512

      37719660b96caf819657146d8ff579d30bdb745db84e6a172f53704f0910198d9c61056cdec91b9f533978eb6a7b62cafe302f4013295510adad181ae8d1e6b4

    • SSDEEP

      3072:Oe1gpuU2nZCuoW/ZIZMiQLZN6BCalsJGLTeKMcUTW:OeBJZCu1/KZMvLXCfsiTkcUTW

    Score
    10/10
    cycbotbackdoordiscoverypersistenceratspywarestealerupx

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Modifies WinLogon for persistence

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks