cycbot | 2a1b46df4f0258ed71a52fa3fe8d4842929b9793e8b9d246f8c3995685576f72 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...c3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a63d7b038ea23bd7763929279b15a9c3
Size

187KB
Sample

250409-w2ngwayp19
MD5

a63d7b038ea23bd7763929279b15a9c3
SHA1

08ccb92641176fc6dcbb86ff819b292bc1bef301
SHA256

2a1b46df4f0258ed71a52fa3fe8d4842929b9793e8b9d246f8c3995685576f72
SHA512

ae7d0dd9ca7c908743da041e8e2fd0cfe70dc8ddb44c1f07578f093ffd77bf1ae35c6b676122305081b70d882b74bf85f69003bc05614d512963d201d69b29dc
SSDEEP

3072:54os9MlnX1YhrVIUgAnzUdg5mbYU/X8pXB+DhPzwkzJSFeb6cWVB:54j8XChr+URnzIVbYU/QwwzAIb

Score

10^/10

cycbot backdoor discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a63d7b038ea23bd7763929279b15a9c3.exe

Resource

win10v2004-20250314-en

cycbot backdoor discovery persistence rat upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a63d7b038ea23bd7763929279b15a9c3
- Size
  
  187KB
- MD5
  
  a63d7b038ea23bd7763929279b15a9c3
- SHA1
  
  08ccb92641176fc6dcbb86ff819b292bc1bef301
- SHA256
  
  2a1b46df4f0258ed71a52fa3fe8d4842929b9793e8b9d246f8c3995685576f72
- SHA512
  
  ae7d0dd9ca7c908743da041e8e2fd0cfe70dc8ddb44c1f07578f093ffd77bf1ae35c6b676122305081b70d882b74bf85f69003bc05614d512963d201d69b29dc
- SSDEEP
  
  3072:54os9MlnX1YhrVIUgAnzUdg5mbYU/X8pXB+DhPzwkzJSFeb6cWVB:54j8XChr+URnzIVbYU/QwwzAIb
Score

10^/10

cycbot backdoor discovery persistence rat upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cycbotbackdoordiscoverypersistenceratupx

© 2018-2025

Terms | Privacy