Overview

overview

10

Static

static

3

JaffaCakes...4f.exe

windows7-x64

5

JaffaCakes...4f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_97fdbdc07ceb9e10206420289b12eb4f

  • Size

    180KB

  • Sample

    250329-y7g86avnx3

  • MD5

    97fdbdc07ceb9e10206420289b12eb4f

  • SHA1

    9c45cda70e2627bfdf86f63bc116d09fe282fb98

  • SHA256

    59f8a062ddbe72f169e5f50ba362cd713f24efef91370e3d1b702497011e7911

  • SHA512

    56d7c04983814769222d0c1152c3b002fc262546b7ae2372b97e30045c424008d18ac0cdd1babe07e903796488a542dfe4f245b2111f672d2629b6010f70b975

  • SSDEEP

    3072:Bq9uNvM3aBiI7Jq1jMpEiypVNA5rqaOoqHW5dDA3hj6wdfMOT3MMJSFVWwmW7agG:8INvM3aMss18EiyPNonqHKA3b5T3cFVt

Score
10/10
cycbotbackdoordiscoverypersistenceratupx

Malware Config

Targets

    • Target

      JaffaCakes118_97fdbdc07ceb9e10206420289b12eb4f

    • Size

      180KB

    • MD5

      97fdbdc07ceb9e10206420289b12eb4f

    • SHA1

      9c45cda70e2627bfdf86f63bc116d09fe282fb98

    • SHA256

      59f8a062ddbe72f169e5f50ba362cd713f24efef91370e3d1b702497011e7911

    • SHA512

      56d7c04983814769222d0c1152c3b002fc262546b7ae2372b97e30045c424008d18ac0cdd1babe07e903796488a542dfe4f245b2111f672d2629b6010f70b975

    • SSDEEP

      3072:Bq9uNvM3aBiI7Jq1jMpEiypVNA5rqaOoqHW5dDA3hj6wdfMOT3MMJSFVWwmW7agG:8INvM3aMss18EiyPNonqHKA3b5T3cFVt

    Score
    10/10
    upxcycbotbackdoordiscoverypersistencerat

    • Cycbot

      Cycbot is a backdoor and trojan written in C++..

      backdoorratcycbot

    • Cycbot family

      cycbot

    • Detects Cycbot payload

      Cycbot is a backdoor and trojan written in C++.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks