General
-
Target
0dd5f56c70098c79855b2ea2bec46457_JaffaCakes118
-
Size
281KB
-
Sample
240625-m7z87awcmg
-
MD5
0dd5f56c70098c79855b2ea2bec46457
-
SHA1
137d0df464c24a64776edddd153f7f9c6b6ba57c
-
SHA256
92bc0ad2c6838aa1d48fa6baa85447c7595a0ee9b2f018eeb902fd8c58a3bd36
-
SHA512
bcb1d8733bc7ced32e96ea37190bfc115762f9243778db15efc8c09fbf1d6707fe766a85e4c6a270d316e8edd8d4ae098d9802f45c7067d7496eea312a75ae8f
-
SSDEEP
3072:hqSaZpSYl97CmAcqSaZpSYl97CmAoX+qSaZpSYl97CmAoXoXqSaZpSYl97CmAoXO:AScrL6ScrLlDScrLl4aScrLl4BScrL3
Behavioral task
behavioral1
Sample
0dd5f56c70098c79855b2ea2bec46457_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
0dd5f56c70098c79855b2ea2bec46457_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cybergate
v1.18.0 - Trial version
remote
78.108.51.79:81
78.108.51.79:90
R0OT5B731624IH
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Macromedia
-
install_file
sidebar.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
ladyinred
Targets
-
-
Target
0dd5f56c70098c79855b2ea2bec46457_JaffaCakes118
-
Size
281KB
-
MD5
0dd5f56c70098c79855b2ea2bec46457
-
SHA1
137d0df464c24a64776edddd153f7f9c6b6ba57c
-
SHA256
92bc0ad2c6838aa1d48fa6baa85447c7595a0ee9b2f018eeb902fd8c58a3bd36
-
SHA512
bcb1d8733bc7ced32e96ea37190bfc115762f9243778db15efc8c09fbf1d6707fe766a85e4c6a270d316e8edd8d4ae098d9802f45c7067d7496eea312a75ae8f
-
SSDEEP
3072:hqSaZpSYl97CmAcqSaZpSYl97CmAoX+qSaZpSYl97CmAoXoXqSaZpSYl97CmAoXO:AScrL6ScrLlDScrLl4aScrLl4BScrL3
Score10/10-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in System32 directory
-