General
- Target: f6db9af1ec863fc2cbad923a6c1aecf7_JaffaCakes118
- Size: 292KB
- Sample: 240418-aahlnabf6v
- MD5: f6db9af1ec863fc2cbad923a6c1aecf7
- SHA1: 7bb0f1f3a115ac61cda0b25e743a718ec4b44a21
- SHA256: 16a97c555e1bb19000b92228b1ca9353971a190f2b237f1413074ee62407f985
- SHA512: f4406705b9be8a7b8e08f756ca1c116471dbbe5f65ac4bad51a9bac597286feeab3a87b739f0f42adc4bcf9f68291ffd0991b9d343e46b4c2ed57ee4926fc51d
- SSDEEP: 6144:cw+YlQsQ5l6uHQ7LVs4xbht2l7SIvbRX2mHI8XOm7jTrf:cwMl6wQP2gttA7S+c7ed77f
Static task: static1
Behavioral task: behavioral1
- Sample: DICIENDOTE TODO LO QUE NO SOY CAPAZ DE DECIRTE EN PERSONA.exe
- Resource: win7-20240221-en
Malware Config
Extracted: cybergate v1.02.0
- remote: adri14gay.no-ip.biz:81, adri14gay.no-ip.biz:82
- 5O334LO225PP80
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: win
- install_file: winr.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: ES UNA BROMITA AINS XDDD DESDE LUEGO.... XD
- message_box_title: ES BROMITA
- password: pinomontano60000
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: DICIENDOTE TODO LO QUE NO SOY CAPAZ DE DECIRTE EN PERSONA.exe
- Size: 337KB
- MD5: e49a91aaf7fbef7201e2644c8c1a6d14
- SHA1: cc4340d3d58de6e5c55c422e05054ccce05f9a7a
- SHA256: 5fb8ce6325e4a3e62f0b6f64bcd1d0f0e1aee7d077dedf6e8503ab386b69ede0
- SHA512: 39ab0627b45bca4683ec312ff909dd29f6e6e8dc182594ccdc6027466339553879416231a9cc3ca180cd1ba5e6b813e8332375255845f96ae82c5b6d6680c6f8
- SSDEEP: 6144:FgJIzrY/jfA1xp40ImUSTMZM8TYZm+TulGI5nIg10jG:FEsr2oXyj0YYZ/Tu8IN1QG

Observed behaviour:
- Adds policy Run key to start application
- Modifies Installed Components in the registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext