General

Target: 0d6dddeeb0081360bd61cb780b9a9081_JaffaCakes118
Size: 281KB
Sample: 240625-kp29qasglq
MD5: 0d6dddeeb0081360bd61cb780b9a9081
SHA1: 3b097951ca6108af3d3b874241d011386c086150
SHA256: 08593549276436b92b6df659676cfe7e6996f9d9b1eb714c6935b1ec7216e884
SHA512: f17f3f5b97b41bcd6fd5eeb9d9315340eabff9ab52ed344ec0c7cfc69c8321efc2c3bee155bdc00230f6d4c2be48a1cafaa1c18dc87e133fdbe6b73767bf634b
SSDEEP: 6144:AScrL04mp3ScrL04mp7ScrL04mp8mScrL:RcryCcrymcryac
Behavioral task: behavioral1
Sample: 0d6dddeeb0081360bd61cb780b9a9081_JaffaCakes118.exe
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 0d6dddeeb0081360bd61cb780b9a9081_JaffaCakes118.exe
Resource: win10v2004-20240508-en
Malware Config
Extracted
cybergate
v1.18.0 - Crack Version
remote
78.108.51.79:81
78.108.51.79:90
2RH1M6N655T4I3
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs
ftp_interval: 30
injected_process: explorer.exe
install_dir: Macromedia
install_file: winlogon.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: ladyinred
regkey_hklm: Java(TM) Platform SE binary
Targets
Score: 10/10

- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory