General
Target: 388dbb07c152e4057593a6c0a558ae34_JaffaCakes118
Size: 1.6MB
Sample: 240512-gf456seg48
MD5: 388dbb07c152e4057593a6c0a558ae34
SHA1: 324fef5e1bce8d5509a70d53c0614baaae540d8f
SHA256: 831f8e5776be1b738061ec3a0d1b3925c4650dce4f01d01468760b04b8a4d756
SHA512: 96b0663cb0b75aa87e4741466e59339abadd074b66a178ed2c79caeab44793839f9ef9929140e1d95238db90672b41043c593f9c175ba1ca17e34ade14169799
SSDEEP: 49152:ZbCjPKNqQ/nywXk6nPam340Q5tWiiCWYk:hCjPKNZyw05zlHWx

Static task: static1
Behavioral task: behavioral1
Sample: 388dbb07c152e4057593a6c0a558ae34_JaffaCakes118.exe
Resource: win7-20240221-en

Malware Config
Extracted: cybergate v3.4.2.2
remote:
- 127.0.0.1:3128
- NO.no-ip1414.tk:3128
2EOS537AI15SLD
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs
ftp_interval: 30
injected_process: explorer.exe
install_dir: Intel HD Driver
install_file: Intel(x86).exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: cybergate
Targets
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext