General
-
Target
09ac0790340de7e98344220c21f37acc_JaffaCakes118
-
Size
388KB
-
Sample
240620-1zvkmatbrq
-
MD5
09ac0790340de7e98344220c21f37acc
-
SHA1
c2105c0dc7d138a20a278c3aeaf388bdecb724f3
-
SHA256
18818488ca1b034a3c49818fbbd0f6390a9ed06d9ebf139200b61f6c084a0958
-
SHA512
d00638aaac8ad2f41b21ced4f2052837e274c8273b24ebfae4ba42065dcfde8454fe7ae32928976cb451e69888358fd3cade83aa957b723b142a26b8e160bd25
-
SSDEEP
6144:hZY8uzgcU7M8jwWJym4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijd:hZY3zgc78jR0By78QSVnNyhsFMCeSjd
Static task
static1
Behavioral task
behavioral1
Sample
09ac0790340de7e98344220c21f37acc_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
cybergate
v1.18.0 - Crack Version
Fix
a3tyhom.zapto.org:6666
41YEYP2CO85182
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_dir
explorer
-
install_file
explorer.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
ronaldo
Targets
-
-
Target
09ac0790340de7e98344220c21f37acc_JaffaCakes118
-
Size
388KB
-
MD5
09ac0790340de7e98344220c21f37acc
-
SHA1
c2105c0dc7d138a20a278c3aeaf388bdecb724f3
-
SHA256
18818488ca1b034a3c49818fbbd0f6390a9ed06d9ebf139200b61f6c084a0958
-
SHA512
d00638aaac8ad2f41b21ced4f2052837e274c8273b24ebfae4ba42065dcfde8454fe7ae32928976cb451e69888358fd3cade83aa957b723b142a26b8e160bd25
-
SSDEEP
6144:hZY8uzgcU7M8jwWJym4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijd:hZY3zgc78jR0By78QSVnNyhsFMCeSjd
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Suspicious use of SetThreadContext
-