General
-
Target
055d70500f76e7414cec99421b4a55f3_JaffaCakes118
-
Size
290KB
-
Sample
240620-m22j3axgql
-
MD5
055d70500f76e7414cec99421b4a55f3
-
SHA1
dd0371e44ab8cebc8a56b46b5bc8a4450cfd9fcb
-
SHA256
e8e2817ffe881ab1cfa040bd754acf3bdafdfb98c9163c8b88242043301fc8e9
-
SHA512
1f77a325cea27e28099301ffde61a563fc82d5a8d09750b00b1687b55940ad783e50a37bc2601f16ffd9cab5804d41ab9c4f7b1bfc9d54bfc07d7d0462749a50
-
SSDEEP
6144:2OpslFlq/hdBCkWYxuukP1pjSKSNVkq/MVJbk:2wsluTBd47GLRMTbk
Behavioral task
behavioral1
Sample
055d70500f76e7414cec99421b4a55f3_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
cybergate
v1.07.5
fail
shoppal.no-ip.biz:6161
41755X5G3HWI3P
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
SearchIndexer.exe
-
install_dir
WinDir
-
install_file
winlogon6.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
This application requires .NET Framework 4 installed on your computer in order to work properly. Please make sure you are using the latest version of .NET Framework.
-
message_box_title
Error!
-
password
cybergate
Targets
-
-
Target
055d70500f76e7414cec99421b4a55f3_JaffaCakes118
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-