cycbot | 58fad80ceebf89e42029a8d0562897d07b39b4ae478f4e152044ba9b6f47c951 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...ac.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_a61b587768e71858556d4811677e7bac
Size

182KB
Sample

250409-wemxtsyscz
MD5

a61b587768e71858556d4811677e7bac
SHA1

a5de27e2fb092ced049a6698e605fbc60e19fc1e
SHA256

58fad80ceebf89e42029a8d0562897d07b39b4ae478f4e152044ba9b6f47c951
SHA512

ce5f4f40b172822f67b8acdcf2737e6565e70c9396bdaa72098509bfe77e85ec988725ed8f7a75281f77118f7cb411e714ce7883dd6954b992dcb246c8d6917c
SSDEEP

3072:H9gB5aM/Mae5A/RDu4HUxWo2CsXGZ484IRwTVp7igrYPaY2uA81sHBRo6Lx5D2V1:dgXaMkLQ0Bps3PXi6YPP2uoBRx5A4KW

Score

10^/10

cycbot backdoor discovery persistence rat upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_a61b587768e71858556d4811677e7bac.exe

Resource

win10v2004-20250314-en

cycbot backdoor discovery persistence rat upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_a61b587768e71858556d4811677e7bac
- Size
  
  182KB
- MD5
  
  a61b587768e71858556d4811677e7bac
- SHA1
  
  a5de27e2fb092ced049a6698e605fbc60e19fc1e
- SHA256
  
  58fad80ceebf89e42029a8d0562897d07b39b4ae478f4e152044ba9b6f47c951
- SHA512
  
  ce5f4f40b172822f67b8acdcf2737e6565e70c9396bdaa72098509bfe77e85ec988725ed8f7a75281f77118f7cb411e714ce7883dd6954b992dcb246c8d6917c
- SSDEEP
  
  3072:H9gB5aM/Mae5A/RDu4HUxWo2CsXGZ484IRwTVp7igrYPaY2uA81sHBRo6Lx5D2V1:dgXaMkLQ0Bps3PXi6YPP2uoBRx5A4KW
Score

10^/10

cycbot backdoor discovery persistence rat upx
- Cycbot
  Cycbot is a backdoor and trojan written in C++..
  backdoor rat cycbot
- Cycbot family
  cycbot
- Detects Cycbot payload
  Cycbot is a backdoor and trojan written in C++.
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cycbotbackdoordiscoverypersistenceratupx

© 2018-2025

Terms | Privacy