cycbot | 5428b0d1a7635a415eba28ee76fb577b2d0caa6d2c36d2308e0b2372872015dc | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...cb.exe

windows7-x64

7

JaffaCakes...cb.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_97fe6db4a3c910d9d72b42a67cb134cb
Size

484KB
Sample

250329-y7hjxssyat
MD5

97fe6db4a3c910d9d72b42a67cb134cb
SHA1

34f7776cade03b11cbdcc05f10e78b427a390c76
SHA256

5428b0d1a7635a415eba28ee76fb577b2d0caa6d2c36d2308e0b2372872015dc
SHA512

39036a7fe8f50220dcd7ea97e2b6a6235e2425523d942f4c49d9dc9f4193c4a2402e003483fc91d9901c6ddbe3628aaeffe8799be64a5694919558f413e01428
SSDEEP

12288:UP9GBWQch+L/ZgHP+v7xK0DmFwUfIp7JVyvWt1aBnSFAPHzeO:UPoBHch+uudKNffiv1aVSaPTeO

Score

10^/10

cycbot backdoor defense_evasion discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_97fe6db4a3c910d9d72b42a67cb134cb.exe

Resource

win7-20241023-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_97fe6db4a3c910d9d72b42a67cb134cb.exe

Resource

win10v2004-20250314-en

cycbot backdoor defense_evasion discovery persistence rat upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_97fe6db4a3c910d9d72b42a67cb134cb
- Size
  
  484KB
- MD5
  
  97fe6db4a3c910d9d72b42a67cb134cb
- SHA1
  
  34f7776cade03b11cbdcc05f10e78b427a390c76
- SHA256
  
  5428b0d1a7635a415eba28ee76fb577b2d0caa6d2c36d2308e0b2372872015dc
- SHA512
  
  39036a7fe8f50220dcd7ea97e2b6a6235e2425523d942f4c49d9dc9f4193c4a2402e003483fc91d9901c6ddbe3628aaeffe8799be64a5694919558f413e01428
- SSDEEP
  
  12288:UP9GBWQch+L/ZgHP+v7xK0DmFwUfIp7JVyvWt1aBnSFAPHzeO:UPoBHch+uudKNffiv1aVSaPTeO
Score

10^/10

discovery upx cycbot backdoor defense_evasion persistence rat
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Modifies visiblity of hidden/system files in Explorer
  defense_evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates processes with tasklist
  discovery
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cycbotbackdoordefense_evasiondiscoverypersistenceratupx

© 2018-2025

Terms | Privacy