General
- Target: f4ce755adbf16a96fb3ba7bab9991866_JaffaCakes118
- Size: 351KB
- Sample: 240417-cj2f8sah46
- MD5: f4ce755adbf16a96fb3ba7bab9991866
- SHA1: 5e33c6fc7d758b280b1eb74bdfc279792191cd1c
- SHA256: 33b2de00d2e380b6e7936aa7d4e3e2af5cfdda94a52b7c1a554ade0ee7939bb4
- SHA512: d9a4fd4eb2a7daebf2b73efc41030b3612ea0f51d85277a70de28aa28fae88678353ce0288a9ce013122f8ee7c9c1a9b4fab298923d5957507ea00b1ebc34d46
- SSDEEP: 6144:c/RzW2+1yO6Wt8LFdzc22Z9wA8qfQghYAho6nQb2xaUq2rdh+LrC1M:sJT6+PA22Z182hYso6QCxaULj+LrqM
Static task: static1
Behavioral task: behavioral1
- Sample: f4ce755adbf16a96fb3ba7bab9991866_JaffaCakes118.exe
- Resource: win7-20231129-en
Malware Config
Extracted family: cybergate
- Version: 2.6
- Botnet ID (raw extracted value): ÖÍíÉ
- C2: 127.0.0.1:288
- Mutex: ***MUTEX***
Attributes:
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: svchost.exe
- install_file: windows.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem
- message_box_title: título da mensagem
- password: abcd1234
Targets
- Target: f4ce755adbf16a96fb3ba7bab9991866_JaffaCakes118
- Size: 351KB
- MD5: f4ce755adbf16a96fb3ba7bab9991866
- SHA1: 5e33c6fc7d758b280b1eb74bdfc279792191cd1c
- SHA256: 33b2de00d2e380b6e7936aa7d4e3e2af5cfdda94a52b7c1a554ade0ee7939bb4
- SHA512: d9a4fd4eb2a7daebf2b73efc41030b3612ea0f51d85277a70de28aa28fae88678353ce0288a9ce013122f8ee7c9c1a9b4fab298923d5957507ea00b1ebc34d46
- SSDEEP: 6144:c/RzW2+1yO6Wt8LFdzc22Z9wA8qfQghYAho6nQb2xaUq2rdh+LrC1M:sJT6+PA22Z182hYso6QCxaULj+LrqM
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext