General
-
Target
f716ef97ceebcb4ab0f751feeeabba75_JaffaCakes118
-
Size
549KB
-
Sample
240418-c4y7lsaa9z
-
MD5
f716ef97ceebcb4ab0f751feeeabba75
-
SHA1
0ce96074a9d3f657bb4ecf82550944f727d4800d
-
SHA256
0184efd76256a9c8349a72e69088465427d398b7d89acb048474e906be78d45d
-
SHA512
16ee7b143c98d8c19f7312b64bdf46db7973517639fbfa85c2f020104d8d3d4c68fe1f95271e4e95c2a3ed351e897bc257bd71eac20800f410a1430f337bb116
-
SSDEEP
12288:ugtbjkDJV3MKGLdsOCUE4L5Wtcs210WNmlRAKd:t5ADJV3khxEq5Jn5NaBd
Static task
static1
Behavioral task
behavioral1
Sample
f716ef97ceebcb4ab0f751feeeabba75_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
v1.11.0 - Public Version
remote
216.38.7.227:82
T058HEPN2DJ6J0
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_title
CyberGate
-
password
quasar12
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
f716ef97ceebcb4ab0f751feeeabba75_JaffaCakes118
-
Size
549KB
-
MD5
f716ef97ceebcb4ab0f751feeeabba75
-
SHA1
0ce96074a9d3f657bb4ecf82550944f727d4800d
-
SHA256
0184efd76256a9c8349a72e69088465427d398b7d89acb048474e906be78d45d
-
SHA512
16ee7b143c98d8c19f7312b64bdf46db7973517639fbfa85c2f020104d8d3d4c68fe1f95271e4e95c2a3ed351e897bc257bd71eac20800f410a1430f337bb116
-
SSDEEP
12288:ugtbjkDJV3MKGLdsOCUE4L5Wtcs210WNmlRAKd:t5ADJV3khxEq5Jn5NaBd
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-