General
-
Target
ec8b5a6c0d3d5d9c75699662f79c8879_JaffaCakes118
-
Size
1.8MB
-
Sample
240411-dnyftadg8y
-
MD5
ec8b5a6c0d3d5d9c75699662f79c8879
-
SHA1
af900901e899b16f2daa3cbca6185fff0a0049f3
-
SHA256
03c4565aa14611d8bf97f481bd85833ecc4e1d5be994a5188ca411116e9c2283
-
SHA512
5465894a13e4518baf242fd549f22f23831c72fd7e6fdd71a69d5a9926615b9211b0832c595fc95526b2ec6f26678267c07fcec2a8b95f88ff7fb224d4182796
-
SSDEEP
24576:T4dESROnRKfwbuy/pkaYkYybOmYdpaI98S9nviZm7rlWGzl+nOrNAEdTOZim9M2:T2zCUuakLYfgScmlWG5aydT89
Behavioral task
behavioral1
Sample
ec8b5a6c0d3d5d9c75699662f79c8879_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ec8b5a6c0d3d5d9c75699662f79c8879_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cybergate
2.6
Spy
compartilhar.no-ip.org:1338
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
c:\windos
-
install_file
Spy.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
invasor
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
ec8b5a6c0d3d5d9c75699662f79c8879_JaffaCakes118
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Adds Run key to start application
-
Drops file in System32 directory
-