General
-
Target
22927dadc82b4b88a12d148d97ff1ab8_JaffaCakes118
-
Size
394KB
-
Sample
240703-q4t5jszfkg
-
MD5
22927dadc82b4b88a12d148d97ff1ab8
-
SHA1
db47640abfb6e3732414cacfc7e451800b896f0e
-
SHA256
6fd767fac2f838bf7c6792b2c76af9a8bbcfda7fb2c9fa1e78be24ce996c66e0
-
SHA512
3081091bd4cf67d3ce86b7a2d2b8c297fa3aafa253bed643457ba081b69b34318b9778afdb1def76ba9872efdefde8b6f9a249dc25e011a4b4e8e525764abeeb
-
SSDEEP
12288:GgJwonsizk0saVx0dPemKXnVpy9hzpBesnf:GewujsaVhmKlp8hz1
Static task
static1
Behavioral task
behavioral1
Sample
22927dadc82b4b88a12d148d97ff1ab8_JaffaCakes118.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
22927dadc82b4b88a12d148d97ff1ab8_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cybergate
2.6
tunisia-sat
klach.hopto.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
CHROME.exe
-
install_dir
system32
-
install_file
cmd23.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
abcd1234
Targets
-
-
Target
22927dadc82b4b88a12d148d97ff1ab8_JaffaCakes118
-
Size
394KB
-
MD5
22927dadc82b4b88a12d148d97ff1ab8
-
SHA1
db47640abfb6e3732414cacfc7e451800b896f0e
-
SHA256
6fd767fac2f838bf7c6792b2c76af9a8bbcfda7fb2c9fa1e78be24ce996c66e0
-
SHA512
3081091bd4cf67d3ce86b7a2d2b8c297fa3aafa253bed643457ba081b69b34318b9778afdb1def76ba9872efdefde8b6f9a249dc25e011a4b4e8e525764abeeb
-
SSDEEP
12288:GgJwonsizk0saVx0dPemKXnVpy9hzpBesnf:GewujsaVhmKlp8hz1
Score10/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-