General
-
Target
fe53acc7feed3eddcddb6b2b84e95a82_JaffaCakes118
-
Size
329KB
-
Sample
240421-d3yecshh52
-
MD5
fe53acc7feed3eddcddb6b2b84e95a82
-
SHA1
534cf82f06da3b03b559009550859ce4c7424c13
-
SHA256
75eded6d8f13bcdbc0e1cc340817bfd1720129bfd5140e6b5b8440282f5add75
-
SHA512
589ff8e11bb4ad52dd1745bb13aacb9500c8e9af9066bff2ca4b748fbe7c82dcae0aae4a854022256a2b470c88c62085ef165ece026beeaed9375b13433b70cf
-
SSDEEP
6144:9TufWTsjA+Ol/kA6Wm3PDcQPHpiXsMw1WSH7:9TDwilMADmfDcfXsM
Behavioral task
behavioral1
Sample
fe53acc7feed3eddcddb6b2b84e95a82_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fe53acc7feed3eddcddb6b2b84e95a82_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cybergate
2.1
R'sÉÏÏßÖ÷»ú
h3nimm.3322.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./
-
ftp_interval
10
-
ftp_password
h3nimm
-
ftp_port
21
-
ftp_server
76.73.62.252
-
ftp_username
9140
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
ÕâÊÇÀ´×ÔÓÚRover12421µÄÎʺò£¡
-
message_box_title
Rover12421µÄÎʺò
-
password
abcd1234
Targets
-
-
Target
fe53acc7feed3eddcddb6b2b84e95a82_JaffaCakes118
-
Size
329KB
-
MD5
fe53acc7feed3eddcddb6b2b84e95a82
-
SHA1
534cf82f06da3b03b559009550859ce4c7424c13
-
SHA256
75eded6d8f13bcdbc0e1cc340817bfd1720129bfd5140e6b5b8440282f5add75
-
SHA512
589ff8e11bb4ad52dd1745bb13aacb9500c8e9af9066bff2ca4b748fbe7c82dcae0aae4a854022256a2b470c88c62085ef165ece026beeaed9375b13433b70cf
-
SSDEEP
6144:9TufWTsjA+Ol/kA6Wm3PDcQPHpiXsMw1WSH7:9TDwilMADmfDcfXsM
Score10/10-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-