General
- Target: ed83a6880ead72f9e8e6f5a84e9d9333_JaffaCakes118
- Size: 828KB
- Sample: 240411-qln6ksfd9v
- MD5: ed83a6880ead72f9e8e6f5a84e9d9333
- SHA1: 088149eb4ff66859066eac1c594d65c7c1b67e8a
- SHA256: bfc48f4f9e73be4be7c1820221910ba0f8fd4cec60b23d74f1da4a33db3e5afb
- SHA512: b81dacf3e8553ff710ed60123406855fecedb5deb1317a855a1a0bd76102a521303d84cf3f2f1220ffc5a9d444a689be7f9cffc155bcde93ff3104f9ff100e29
- SSDEEP: 12288:/5360zUd0dUWHb/6cdc2ISoCogDfv7AQkF90DGO6qnlgKeELbqpy1dGQ3Duy:h36SGc6ectVgDfTurX1oeELp1d6
Static task
- static1
Behavioral task
- behavioral1
- Sample: ed83a6880ead72f9e8e6f5a84e9d9333_JaffaCakes118.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- cybergate v3.4.2.2
- remote: 127.0.0.1:5555, haso.ddns.net:5555
- 4GGA4CN1KKHX03
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Driver
- install_file: svchost.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Install Flash Player
- message_box_title: Error
- password: crocro35
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: ed83a6880ead72f9e8e6f5a84e9d9333_JaffaCakes118 (828KB; hashes as listed under General above)
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext