General
-
Target
08c8e14dc7ad1da35440a013db57e76f_JaffaCakes118
-
Size
354KB
-
Sample
240620-xe277ascrd
-
MD5
08c8e14dc7ad1da35440a013db57e76f
-
SHA1
ac53b60af7aa3e464aa182f3d059135f1dac40d6
-
SHA256
a56eec25f378a0e2adbc5d67d939cff5d0474a680e93a987c0f8da436057a073
-
SHA512
28606df74236cf8293bac8387c4ae8d0b72ce58692493949274783a2550edfccc1cd46d2c6238fd6ddc0e26aabd49ef527db0b9c0fe737734c5c1f7651fd32f5
-
SSDEEP
6144:rmcD66URjK5JGmrpQsK3RD2u270jupCJsCxCAE4yjzDIwwab:ycD66gzZ2zkPaCxHfy8w3b
Behavioral task
behavioral1
Sample
08c8e14dc7ad1da35440a013db57e76f_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
cybergate
2.6
Server
127.0.0.1:2222
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
spynet
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
-
-
Target
08c8e14dc7ad1da35440a013db57e76f_JaffaCakes118
-
Size
354KB
-
MD5
08c8e14dc7ad1da35440a013db57e76f
-
SHA1
ac53b60af7aa3e464aa182f3d059135f1dac40d6
-
SHA256
a56eec25f378a0e2adbc5d67d939cff5d0474a680e93a987c0f8da436057a073
-
SHA512
28606df74236cf8293bac8387c4ae8d0b72ce58692493949274783a2550edfccc1cd46d2c6238fd6ddc0e26aabd49ef527db0b9c0fe737734c5c1f7651fd32f5
-
SSDEEP
6144:rmcD66URjK5JGmrpQsK3RD2u270jupCJsCxCAE4yjzDIwwab:ycD66gzZ2zkPaCxHfy8w3b
-
Modifies firewall policy service
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Active Setup
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
3Registry Run Keys / Startup Folder
2Active Setup
1Defense Evasion
Modify Registry
8Impair Defenses
4Disable or Modify Tools
3Disable or Modify System Firewall
1Abuse Elevation Control Mechanism
1Bypass User Account Control
1