General
-
Target
f9b1e88b29198d3686ca71f924972036_JaffaCakes118
-
Size
356KB
-
Sample
240419-g6fkhabh31
-
MD5
f9b1e88b29198d3686ca71f924972036
-
SHA1
f400d4ad8cca502dd2d2fd1554f365ae56bc3ef5
-
SHA256
f809916791b69e6f4c3ca3a785883cbd50f7fcc3e3a2c75b8d1ed64d81760a27
-
SHA512
956d2ab6c418a5a4742d856101308afe30cc60f3c3d5c17211e4241c5be1aa747fee3da9da090336972589ea671be64781567756aad0af90c8f684cbb2e2462b
-
SSDEEP
6144:BSq5QGOCSUf4Q6LQ1Qp031TDpf9zSwsZMMII1DjM8Dxg9QXU55O2g:BSJUQQKKSwsZMMTDxuYD
Static task
static1
Behavioral task
behavioral1
Sample
f9b1e88b29198d3686ca71f924972036_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
Family
cybergate
-
Version
2.6
-
Campaign ID
Victime
-
C2
dz-crypter.no-ip.info:1215
-
Mutex
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Installation
-
install_file
Setup.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem (Portuguese default: "message text")
-
message_box_title
título da mensagem (Portuguese default: "message title")
-
password
abcd1234
Targets
-
Target
f9b1e88b29198d3686ca71f924972036_JaffaCakes118
-
Size
356KB
-
Hashes
MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
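The extracted config and the behavioral signatures above give a defender concrete things to hunt for: the drop path built from install_dir and install_file, and the C2 host. The script below is an added example and is not part of the sandbox report. It mirrors the report's config values and scans a constructed registry export and constructed resolver log lines for them. Mapping the two persistence signatures ("Adds policy Run key", "Modifies Installed Components") to the Policies\Explorer\Run key and the Active Setup Installed Components key is an assumption from general Windows knowledge, not something the report states, as is the AppData\Roaming drop location used in the sample data; the injected_process value (explorer.exe) together with the SetThreadContext signature is consistent with code injection, but that reading is likewise an interpretation.

```python
"""Hunt for the host and DNS artifacts implied by the CyberGate config in the report.

Added example, not part of the sandbox report. All sample inputs below are constructed.
"""
from dataclasses import dataclass

# Fields copied from the extracted config in the report.
CYBERGATE_CONFIG = {
    "c2": "dz-crypter.no-ip.info:1215",
    "injected_process": "explorer.exe",
    "install_dir": "Installation",
    "install_file": "Setup.exe",
}

# Registry keys assumed to sit behind the two persistence signatures in the report
# (assumption from general Windows knowledge; the report names only the signatures).
PERSISTENCE_KEYS = (
    r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"Software\Microsoft\Active Setup\Installed Components",
)


@dataclass
class Finding:
    kind: str    # "persistence" or "c2_dns"
    where: str   # registry key or log source
    detail: str


def c2_host_port(config):
    """Split the report's host:port C2 value into (host, port)."""
    host, _, port = config["c2"].rpartition(":")
    return host.lower(), int(port)


def install_path_fragment(config):
    """Tail of the configured drop path, e.g. 'installation\\setup.exe'."""
    return (config["install_dir"] + "\\" + config["install_file"]).lower()


def scan_registry_export(lines, config):
    """Flag values under the persistence keys whose data names the configured drop path."""
    wanted = install_path_fragment(config)
    findings, current_key = [], None
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # a .reg section header names the key
            continue
        if current_key is None or "=" not in line:
            continue
        if not any(k.lower() in current_key.lower() for k in PERSISTENCE_KEYS):
            continue                          # only look at the assumed persistence keys
        name, _, data = line.partition("=")
        # .reg exports double every backslash; undo that before matching the path.
        if wanted in data.replace("\\\\", "\\").lower():
            findings.append(Finding("persistence", current_key, f"{name}={data}"))
    return findings


def scan_dns_log(lines, config):
    """Flag resolver log lines that query the configured C2 host name."""
    host, _ = c2_host_port(config)
    return [Finding("c2_dns", "dns", l.strip()) for l in lines if host in l.lower()]


def hunt(reg_lines, dns_lines, config=CYBERGATE_CONFIG):
    """Run both scans; return the findings and a count per finding kind."""
    findings = scan_registry_export(reg_lines, config) + scan_dns_log(dns_lines, config)
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return findings, counts


# Constructed .reg export: two entries that reference the drop path, plus a benign
# Active Setup entry under the same key that must not be flagged.
SAMPLE_REG_EXPORT = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"="C:\\Users\\victim\\AppData\\Roaming\\Installation\\Setup.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}]
"StubPath"="C:\\Users\\victim\\AppData\\Roaming\\Installation\\Setup.exe Restart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{55555555-6666-7777-8888-999999999999}]
"StubPath"="C:\\Windows\\System32\\regsvr32.exe /s /n /i:U shell32.dll"
""".splitlines()

# Constructed resolver log lines; only the second queries the configured C2 host.
SAMPLE_DNS_LOG = """
2024-04-19T12:00:01Z client=10.0.0.5 type=A name=www.microsoft.com
2024-04-19T12:00:03Z client=10.0.0.5 type=A name=dz-crypter.no-ip.info
2024-04-19T12:00:09Z client=10.0.0.7 type=A name=no-ip.info
""".strip().splitlines()


if __name__ == "__main__":
    for f in hunt(SAMPLE_REG_EXPORT, SAMPLE_DNS_LOG)[0]:
        print(f"[{f.kind}] {f.where}: {f.detail}")
```

The registry scan matches on the drop path rather than on value names, because the value name under Policies\Explorer\Run and the Active Setup GUID are attacker-chosen; the benign regsvr32 StubPath in the sample shows that the key alone is not enough to raise a finding. The DNS check matches the full host name only, since the no-ip.info parent domain is shared by many unrelated hosts.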