General
-
Target
03b3fcef4b52ab953108416f3a69e284_JaffaCakes118
-
Size
281KB
-
Sample
240622-yh9l4ssbpf
-
MD5
03b3fcef4b52ab953108416f3a69e284
-
SHA1
0c387492f293875cbbce85dc4f032d2adfc3a7be
-
SHA256
dcae1f280d0fcd41f273126c162398e3be55050b50ad24fc84a9dc2264d911f8
-
SHA512
b5ced45fc625692a8f83a0987605f918d7e3d65f943aabbc35fde58629d37b9f6aa834730554a29b05bfad2717dddfe2f7567bfc82f41bbf12ab2571ad92f2c8
-
SSDEEP
6144:dScrLF4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:ociy78QSVnNyhsFMCeSjk
Behavioral task
behavioral1
Sample
03b3fcef4b52ab953108416f3a69e284_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
03b3fcef4b52ab953108416f3a69e284_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
cybergate
v1.18.0 - Trial version
Andrax03-16-12
gp1990.no-ip.org:1990
Q00W3PR166L34H
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Winzip
-
install_file
Windll.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
gp161990
-
regkey_hkcu
Windll
-
regkey_hklm
Windll
Targets
-
-
Target
03b3fcef4b52ab953108416f3a69e284_JaffaCakes118
-
Size
281KB
-
MD5
03b3fcef4b52ab953108416f3a69e284
-
SHA1
0c387492f293875cbbce85dc4f032d2adfc3a7be
-
SHA256
dcae1f280d0fcd41f273126c162398e3be55050b50ad24fc84a9dc2264d911f8
-
SHA512
b5ced45fc625692a8f83a0987605f918d7e3d65f943aabbc35fde58629d37b9f6aa834730554a29b05bfad2717dddfe2f7567bfc82f41bbf12ab2571ad92f2c8
-
SSDEEP
6144:dScrLF4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:ociy78QSVnNyhsFMCeSjk
Score10/10 -