General
Target: 1e78e23c43c0d8d4eb514eb0dc15fffb_JaffaCakes118
Size: 348KB
Sample: 240702-jczgmasdkd
MD5: 1e78e23c43c0d8d4eb514eb0dc15fffb
SHA1: ad228023edbb1b7f33a14dd0551f1eb6c797d351
SHA256: cee00c28972603675387b42f82f5314a9531df999566e4ed3e56c16b66abd846
SHA512: 48df6792bafee8d2b126a783264ecc25250b7c7695958c781dbe6aabbd1ebd5890983d1400aef197fe611e6b5d3295533b8c5b1a68ab46c492edcf660f0b3587
SSDEEP: 6144:7Lp31B4mlvq4PPmjQMERrP2hp+mX9qx+7EOEkCO0DXmQ+39ak1tk2u8jM:iA/PesLR7WYufYOhUYta0x7j

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 1e78e23c43c0d8d4eb514eb0dc15fffb_JaffaCakes118.exe
Resource: win7-20231129-en
Malware Config
Extracted
cybergate
2.6
ÖÍíÉ
127.0.0.1:288
***MUTEX***

enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_file: windows.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title:
título da mensagem
password: abcd1234

Targets
Target: 1e78e23c43c0d8d4eb514eb0dc15fffb_JaffaCakes118
Size: 348KB
MD5: 1e78e23c43c0d8d4eb514eb0dc15fffb
SHA1: ad228023edbb1b7f33a14dd0551f1eb6c797d351
SHA256: cee00c28972603675387b42f82f5314a9531df999566e4ed3e56c16b66abd846
SHA512: 48df6792bafee8d2b126a783264ecc25250b7c7695958c781dbe6aabbd1ebd5890983d1400aef197fe611e6b5d3295533b8c5b1a68ab46c492edcf660f0b3587
SSDEEP: 6144:7Lp31B4mlvq4PPmjQMERrP2hp+mX9qx+7EOEkCO0DXmQ+39ak1tk2u8jM:iA/PesLR7WYufYOhUYta0x7j

Signatures
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Suspicious use of SetThreadContext