General
-
Target
23086d613d085b28ddf74b2983044b4a_JaffaCakes118
-
Size
437KB
-
Sample
240703-txmnnsthjj
-
MD5
23086d613d085b28ddf74b2983044b4a
-
SHA1
1daf97f94212115364560a2f493c50d2e1d166f8
-
SHA256
9dbd599fe566c0eb278f3821aeac9ee0ceeae034a2f902a1e27baedfbdfa6a6e
-
SHA512
acb6617a35e585dff2067e701e851e0abbf1aa9c02139d3208e1e5e545ac62117438214accdc76efa43b5331df561cc4820c1b05d311d29f541f3fadac9990eb
-
SSDEEP
12288:PuqcH2IMaxtR6PHPDDMIBzBQOmnUNg1J6:Pdcjxb6PvDDMH1J6
Static task
static1
Behavioral task
behavioral1
Sample
23086d613d085b28ddf74b2983044b4a_JaffaCakes118.exe
Resource
win7-20240508-en
Malware Config
Extracted
cybergate
v1.07.5
sim
msninfo.no-ip.biz:96
1264C665C6DR0B
-
enable_keylogger
false
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
iexplore.exe
-
install_dir
microsofft
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Antivirus correctamente actualizado.
-
message_box_title
Windows Mensaje
-
password
int1705
-
regkey_hkcu
svchost
-
regkey_hklm
svchost.exe
Targets
-
-
Target
23086d613d085b28ddf74b2983044b4a_JaffaCakes118
-
Size
437KB
-
MD5
23086d613d085b28ddf74b2983044b4a
-
SHA1
1daf97f94212115364560a2f493c50d2e1d166f8
-
SHA256
9dbd599fe566c0eb278f3821aeac9ee0ceeae034a2f902a1e27baedfbdfa6a6e
-
SHA512
acb6617a35e585dff2067e701e851e0abbf1aa9c02139d3208e1e5e545ac62117438214accdc76efa43b5331df561cc4820c1b05d311d29f541f3fadac9990eb
-
SSDEEP
12288:PuqcH2IMaxtR6PHPDDMIBzBQOmnUNg1J6:Pdcjxb6PvDDMH1J6
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-