General
-
Target
e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118
-
Size
296KB
-
Sample
240408-dtvbcafd23
-
MD5
e6837a5ca0227c682d5d103563d1fbdd
-
SHA1
7c4732a6a05039a70731c54c3b6ac8dbccece90f
-
SHA256
9ab245dc4f7527042ae254940e14b908377afc597b637d39d09d91e4fe830380
-
SHA512
e7a3b4e0966935966e84203c6b26b63a4c912737d7ec637cc63579cb5e7b84b32968c77bb251696431cd3fd3fdb9971131bdad104e1bace150cfd8b906379e53
-
SSDEEP
6144:POpslFlqshdBCkWYxuukP1pjSKSNVkq/MVJb8:PwslnTBd47GLRMTb8
Behavioral task
behavioral1
Sample
e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
cybergate
v1.07.5
remote
127.0.0.1:99
5GCF0N21LOJ1VD
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
12345
Targets
-
-
Target
e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118
-
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-