General
Target: 06d14eccd9957a6a0df46f71ee31dcd2_JaffaCakes118
Size: 444KB
Sample: 240620-rss9jssclg
MD5: 06d14eccd9957a6a0df46f71ee31dcd2
SHA1: 4f902b13451bed9a7fe981476c945bebe5d12ea8
SHA256: 46ee88895f267d8db54b0708185a61edfccc55e531b18b6428f87b5f13298bc2
SHA512: bc436a63c43030f1eece251da0db0dce9a404e5b6809701a54fb8f68a833f0fbb39205fe0eaac22e13a7e6372132710a236de72931d73c0371798d790d588dc3
SSDEEP: 12288:uj3Kjd6tbSHgY7yp6wa7I3KPmcwM5RT8YX9FuF:ujaj8tS5wa7OuwcKYq
Static task: static1
Behavioral task: behavioral1
Sample: 06d14eccd9957a6a0df46f71ee31dcd2_JaffaCakes118.exe
Resource: win7-20240221-en
Malware Config
Extracted
cybergate
v1.07.5
HFHFHF
finders.hopto.org:425
PB06M228ATB22D
enable_keylogger: false
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: Google Update
install_file: taskmgr.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Error - Application not supported on this operating system
message_box_title: Model Placement Application
password: knarf0909
regkey_hkcu: Google Update
regkey_hklm: Google Update
Targets
Target: 06d14eccd9957a6a0df46f71ee31dcd2_JaffaCakes118
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext