Behavioral task
behavioral1
Sample
3374a68a53d9d4dc591beafe66a17fd5_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
3374a68a53d9d4dc591beafe66a17fd5_JaffaCakes118
-
Size
353KB
-
MD5
3374a68a53d9d4dc591beafe66a17fd5
-
SHA1
89de873996a7114b7cb981c4443fdec0c2f57c58
-
SHA256
278ddf62df7bcfb0a48e4a65ff49a0128a16866d4a914243d5f003c043531c84
-
SHA512
754c7c23ff16fc3bcc0e5772278e25b3173e297859a744c8d7b7281b8a73c08fc4e11caefde9d35a9b020b8c07d619e22b8d8273a5ed65dddc72dfd0c831e3dc
-
SSDEEP
6144:SmcD66Rt5JGmrpQsK3RD2u270jupCJsCxCXIzzc:3cD66aZ2zkPaCx3w
Malware Config
Extracted
cybergate
2.6
ÖÍíÉ
sa83.np-ip.biz:288
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_file
windows.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Signatures
Files
-
3374a68a53d9d4dc591beafe66a17fd5_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 280KB - Virtual size: 280KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE