General
Target: 085799923a0e6355ea2052320ef8339a_JaffaCakes118
Size: 752KB
Sample: 240624-nz9nbszhqa
MD5: 085799923a0e6355ea2052320ef8339a
SHA1: 7696f6dc1dc74ca5fb1afdf59afdae22854e7f68
SHA256: c3afab3b57a32b125135698b923ce496f1ed54295df79a2e0c668bfabcf9ae88
SHA512: 5684b1ad02aa27fe1d5a923224c01cf1feac6ff33a982680fc20a33f3bfe5d3379a58f5c9e361ad6712d6b76f70fa9d3721d9522d5fcd5e4e856eef9661293a9
SSDEEP: 12288:HcY70VNaBa+3doGhNvnOd6XHKjWxboOT5yEAo9bvlWQQZW00q9tY1nUTA830+t:nu8YSc6IJ3

Static task: static1
Behavioral task: behavioral1
Sample: 085799923a0e6355ea2052320ef8339a_JaffaCakes118.exe
Resource: win7-20240220-en
Malware Config
Extracted
cybergate
v1.07.5
remote: jamesfj.no-ip.info:82
2V13PL4766BVN1
enable_keylogger: false
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: SystemUpdate.exe
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: .NET Framework Initialization Error: C:\WINDOWS\ Microsoft.NET\Framework\v 1.1.4322\Mscorwks.dll could not be loaded
message_box_title: Net Framework Error
password: cool
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: 085799923a0e6355ea2052320ef8339a_JaffaCakes118
Size: 752KB
MD5: 085799923a0e6355ea2052320ef8339a
SHA1: 7696f6dc1dc74ca5fb1afdf59afdae22854e7f68
SHA256: c3afab3b57a32b125135698b923ce496f1ed54295df79a2e0c668bfabcf9ae88
SHA512: 5684b1ad02aa27fe1d5a923224c01cf1feac6ff33a982680fc20a33f3bfe5d3379a58f5c9e361ad6712d6b76f70fa9d3721d9522d5fcd5e4e856eef9661293a9
SSDEEP: 12288:HcY70VNaBa+3doGhNvnOd6XHKjWxboOT5yEAo9bvlWQQZW00q9tY1nUTA830+t:nu8YSc6IJ3
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory