General
Target: 033d197e358656fc7771146417d5b192_JaffaCakes118
Size: 599KB
Sample: 240622-wepresxcmb
MD5: 033d197e358656fc7771146417d5b192
SHA1: 36d4c55e61b43f8aeb5b00401cf97a4c9dbaae20
SHA256: a4c03e32af0603bb00b495460216284a2b46c76d8630d46f124ac81c5c2d1588
SHA512: 92be554bd15e1ac23d75a7ded118688534f14920831dd3b52de7a8ae15f30e5fe447e5c951aa068c1079c05e1013ad9e015387f72ad76f8e62078d4fc4aad629
SSDEEP: 12288:EE8V/D74Hbook8T/hqZMcDtqYkHE/DX1HTET:Ed3aboohT/h8McJqYkHENTk
Static task: static1
Behavioral task: behavioral1
  Sample: 033d197e358656fc7771146417d5b192_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 033d197e358656fc7771146417d5b192_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: cybergate
Version: v1.13.0
Botnet: feb
C2: miwebhost.no-ip.info:2013
Mutex: DLMW8HQ7O6K5YK
Attributes
  enable_keylogger: true
  enable_message_box: false
  ftp_directory: ./logs
  ftp_interval: 30
  injected_process: explorer.exe
  install_dir: adobe
  install_file: adobereader.exe
  install_flag: true
  keylogger_enable_ftp: false
  message_box_caption: Remote Administration anywhere in the world.
  message_box_title: CyberGate
  password: blowfish
  regkey_hkcu: adobereader
  regkey_hklm: adobereader
Targets
Target: 033d197e358656fc7771146417d5b192_JaffaCakes118
Size: 599KB
MD5: 033d197e358656fc7771146417d5b192
SHA1: 36d4c55e61b43f8aeb5b00401cf97a4c9dbaae20
SHA256: a4c03e32af0603bb00b495460216284a2b46c76d8630d46f124ac81c5c2d1588
SHA512: 92be554bd15e1ac23d75a7ded118688534f14920831dd3b52de7a8ae15f30e5fe447e5c951aa068c1079c05e1013ad9e015387f72ad76f8e62078d4fc4aad629
SSDEEP: 12288:EE8V/D74Hbook8T/hqZMcDtqYkHE/DX1HTET:Ed3aboohT/h8McJqYkHENTk
Signatures
Adds policy Run key to start application
  Autostart value under Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. The value name to hunt for is adobereader (regkey_hkcu / regkey_hklm in the extracted config), pointing at install_file adobereader.exe.
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. Active Setup components live under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID>; the component's StubPath command is run for each user at their next logon, so an entry pointing at adobereader.exe survives reboots and user switches.
Adds Run key to start application
  Autostart value under Software\Microsoft\Windows\CurrentVersion\Run, again with value name adobereader per the extracted config, in HKCU and HKLM.
Suspicious use of SetThreadContext
  SetThreadContext is typically seen in process injection or hollowing (a target created suspended, its memory rewritten, the thread's context redirected, then resumed); the extracted config sets injected_process to explorer.exe. The signature records the API use only, not which process was targeted in this run.
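An added detection example for the indicators above; it is not part of the Triage report, nor code from the sample. It evaluates constructed Sysmon-style registry value-set (Event ID 13) and network connect (Event ID 3) records against the extracted config's install_file, regkey value name and C2, covering the three persistence signatures and the miwebhost.no-ip.info:2013 C2. The install path, SID and Active Setup GUID in the sample events are placeholders; the SetThreadContext signature is API-level behaviour and is not covered by these checks.

```python
"""Rule-style checks for the persistence and C2 indicators in the extracted
CyberGate config. Added example for this report, not Triage code or code from
the sample; the input events below are constructed Sysmon-style records, not
data captured from the sandbox run."""
import re
from typing import Iterable, List, Optional, Tuple

# Indicators lifted from the extracted config on this page.
C2_HOST = "miwebhost.no-ip.info"
C2_PORT = 2013
INSTALL_FILE = "adobereader.exe"
REG_VALUE_NAME = "adobereader"

# Autostart locations behind the three persistence signatures. Paths use
# Sysmon's HKLM\ / HKU\<SID>\ spelling; matching is case-insensitive because
# registry paths are.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\(?P<name>[^\\]+)$", re.I)
POLICY_RUN_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\(?P<name>[^\\]+)$", re.I)
ACTIVE_SETUP_RE = re.compile(
    r"\\Software\\Microsoft\\Active Setup\\Installed Components\\[^\\]+\\StubPath$", re.I)


def classify_registry_set(target_object: str, details: str) -> Optional[str]:
    """Return the matched persistence rule for a Sysmon EID 13 (value set), else None."""
    runs_install_file = INSTALL_FILE in details.lower()
    m = RUN_KEY_RE.search(target_object)
    if m and (m.group("name").lower() == REG_VALUE_NAME or runs_install_file):
        return "run_key_adobereader"
    m = POLICY_RUN_RE.search(target_object)
    if m and (m.group("name").lower() == REG_VALUE_NAME or runs_install_file):
        return "policy_run_key_adobereader"
    # Active Setup value names are fixed (StubPath), so only the command matters.
    if ACTIVE_SETUP_RE.search(target_object) and runs_install_file:
        return "active_setup_stubpath_adobereader"
    return None


def classify_network(dest_host: str, dest_port: int) -> Optional[str]:
    """Return the C2 rule for a Sysmon EID 3 (network connect), else None."""
    # The dynamic-DNS host is the strong indicator; port 2013 alone is too
    # generic to alert on, so the host is required and the port only
    # strengthens the rule name.
    if dest_host.lower().rstrip(".") == C2_HOST:
        return "c2_host" + ("_and_port" if dest_port == C2_PORT else "_only")
    return None


def triage_events(events: Iterable[dict]) -> List[Tuple[str, str]]:
    """Run both classifiers over event dicts; return (rule, evidence) pairs."""
    hits: List[Tuple[str, str]] = []
    for ev in events:
        if ev.get("EventID") == 13:
            rule = classify_registry_set(ev["TargetObject"], ev.get("Details", ""))
            evidence = ev["TargetObject"]
        elif ev.get("EventID") == 3:
            rule = classify_network(ev["DestinationHostname"], int(ev["DestinationPort"]))
            evidence = f'{ev["DestinationHostname"]}:{ev["DestinationPort"]}'
        else:
            continue
        if rule:
            hits.append((rule, evidence))
    return hits


# Constructed events: the install path, user SID and Active Setup GUID are
# placeholders, not values observed in the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\adobereader",
     "Details": r"C:\Users\user\AppData\Roaming\adobe\adobereader.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\adobereader",
     "Details": r"C:\Users\user\AppData\Roaming\adobe\adobereader.exe"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}\StubPath",
     "Details": r"C:\Users\user\AppData\Roaming\adobe\adobereader.exe"},
    {"EventID": 3, "DestinationHostname": "miwebhost.no-ip.info", "DestinationPort": 2013},
    # Benign noise that must not fire.
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"},
    {"EventID": 3, "DestinationHostname": "www.example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, evidence in triage_events(SAMPLE_EVENTS):
        print(f"{rule:36} {evidence}")
```

The Run and policy Run rules fire on either the configured value name or a command that launches install_file, because the operator can rename the value without touching the binary; the C2 rule keys on the dynamic-DNS host rather than the port, since port 2013 alone would be noisy in most environments.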