General

Target: 23972a1567ae9905b447fef5b1c79387_JaffaCakes118
Size: 262KB
Sample: 240703-yvrbaswbjq
MD5: 23972a1567ae9905b447fef5b1c79387
SHA1: 32e08259a0062c7eed4f5aee28ea51a9a8f27831
SHA256: a70fda6f5f943755f7399ff5a9384b927219b4d83ce2570743ae4218812ca6e0
SHA512: ec7924c20a10f24d0012d4d55417ed5b2e1017874cedcd51c7d3b23583585ccce504b6414c8e059e443611b4483fa88e0cb45b9ef6d0e72c05e428742dc6d775
SSDEEP: 6144:lbfAUentO7S830ghBXSPETC5UVZDLNzbREyic5IZMbJBXCjFYuNR:hTetOecBzU6C5UjDLle8IZ4C2
Behavioral task: behavioral1

Sample: 23972a1567ae9905b447fef5b1c79387_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config

Extracted

Family: cybergate
Version: 2.6
ÖÍíÉ
127.0.0.1:288
***MUTEX***

enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_file: Win_Xp.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Please try again later.
message_box_title: Error
password: abcd1234
Targets

Target: 23972a1567ae9905b447fef5b1c79387_JaffaCakes118
Size: 262KB
Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory