General

Target: 293378a23c01285f91cc423e882fe3cf_JaffaCakes118
Size: 352KB
Sample: 240706-w82yvazaqn
MD5: 293378a23c01285f91cc423e882fe3cf
SHA1: 43c33d44644fd82b14de69d1aa8cd53344d0e7e1
SHA256: ac2cba0b247f2958090d15a77d3009f572311172c22717421ee1943ebe9ec937
SHA512: f5a2079a3d5248c90d9243519fd5befac583052d1ab070a2792ea7d153368373e0985b4884dc76003ef8001b81cc310bb8be9a7512d2d1c7c0d3fa48cbfc8bc3
SSDEEP: 6144:6mcD66Rm795JGmrpQsK3RD2u270jupCJsCxC3Iy1rk6:PcD66s7oZ2zkPaCx21z
Behavioral task

behavioral1
Sample: 293378a23c01285f91cc423e882fe3cf_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config

Extracted
Family: cybergate
Version: 2.6
Botnet: ÖÍíÉ
C2: 127.0.0.1:288
C2: kaka8ooo.no.ip.biz:288
Mutex: ***MUTEX***

Attributes:
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: svchost.exe
- install_file: windows.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: texto da mensagem
- message_box_title: título da mensagem
- password: abcd1234
Targets

Target: 293378a23c01285f91cc423e882fe3cf_JaffaCakes118
Size: 352KB
MD5: 293378a23c01285f91cc423e882fe3cf
SHA1: 43c33d44644fd82b14de69d1aa8cd53344d0e7e1
SHA256: ac2cba0b247f2958090d15a77d3009f572311172c22717421ee1943ebe9ec937
SHA512: f5a2079a3d5248c90d9243519fd5befac583052d1ab070a2792ea7d153368373e0985b4884dc76003ef8001b81cc310bb8be9a7512d2d1c7c0d3fa48cbfc8bc3
SSDEEP: 6144:6mcD66Rm795JGmrpQsK3RD2u270jupCJsCxC3Iy1rk6:PcD66s7oZ2zkPaCx21z
Signatures:
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory