General
-
Target
01ce30eab4aa60b337208496647750b5_JaffaCakes118
-
Size
282KB
-
Sample
240622-m4v53ayhnl
-
MD5
01ce30eab4aa60b337208496647750b5
-
SHA1
51f2a026635a1276b263418c1fa59e7b035a021c
-
SHA256
10d5edc595197e05f0c571f60465672e2467cc57d9ecd9c89bf28a8c89a3e6d9
-
SHA512
6472482a44c023ad9c7ff6b89712d33a575d91cc3401ad611adc2e36a9238701fda4b6e885bc69d1ed968a82551047ee6680eaa500b425b62fc47c55a7853b30
-
SSDEEP
6144:XScrL74mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij:icsy78QSVnNyhsFMCeSj
Behavioral task
behavioral1
Sample
01ce30eab4aa60b337208496647750b5_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
01ce30eab4aa60b337208496647750b5_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cybergate
v1.18.0 - Trial version
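172.16.36.162:3330 (host:port from the extracted config; 172.16.0.0/12 is RFC 1918 private address space, so this is not a routable indicator on its own)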
2TMCPD6O5C73QA
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
Cornelia123
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
01ce30eab4aa60b337208496647750b5_JaffaCakes118
-
Size
282KB
-
MD5
01ce30eab4aa60b337208496647750b5
-
SHA1
51f2a026635a1276b263418c1fa59e7b035a021c
-
SHA256
10d5edc595197e05f0c571f60465672e2467cc57d9ecd9c89bf28a8c89a3e6d9
-
SHA512
6472482a44c023ad9c7ff6b89712d33a575d91cc3401ad611adc2e36a9238701fda4b6e885bc69d1ed968a82551047ee6680eaa500b425b62fc47c55a7853b30
-
SSDEEP
6144:XScrL74mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij:icsy78QSVnNyhsFMCeSj
Score: 10/10