General
Target: 40e6399922a37801674a6aaa3540070e_JaffaCakes118
Size: 1.2MB
Sample: 240713-j7r12atclk
MD5: 40e6399922a37801674a6aaa3540070e
SHA1: 8b855cca3019772cba5c27e9ec5f3e7b141b0920
SHA256: 0b837e6042fcde02f3893fa1912f400b58671c32b4cc66cd3158b63e5fc20685
SHA512: edebbdfa084a7e981d2cc7ba927290c1f863c0e3ffb946021d2e733924373c727858374d91e47591e734b715de286bdf8a2b10e5b13503a1ab0deb079a45796a
SSDEEP: 24576:HhqMYdprgqE8sleQy2bkqjZcFMV3bLCHYvnphtX3t3bf2:HhqDpJE3QOnjZy1HsxBK

Static task: static1
Behavioral task: behavioral1
Sample: 40e6399922a37801674a6aaa3540070e_JaffaCakes118.exe
Resource: win7-20240704-en
Malware Config
Extracted
cybergate
v1.07.5
itzh4cked
itzh4cked.no-ip.biz:6661
CY4GD3PW1Q0B43
enable_keylogger: false
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: test this bitch.exe
install_dir: Windows
install_file: chrome.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: what459sit512
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: 40e6399922a37801674a6aaa3540070e_JaffaCakes118
Size: 1.2MB
MD5: 40e6399922a37801674a6aaa3540070e
SHA1: 8b855cca3019772cba5c27e9ec5f3e7b141b0920
SHA256: 0b837e6042fcde02f3893fa1912f400b58671c32b4cc66cd3158b63e5fc20685
SHA512: edebbdfa084a7e981d2cc7ba927290c1f863c0e3ffb946021d2e733924373c727858374d91e47591e734b715de286bdf8a2b10e5b13503a1ab0deb079a45796a
SSDEEP: 24576:HhqMYdprgqE8sleQy2bkqjZcFMV3bLCHYvnphtX3t3bf2:HhqDpJE3QOnjZy1HsxBK

Signatures
- Uses the VBS compiler for execution
- Adds Run key to start application
- Suspicious use of SetThreadContext
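The extracted config and the behavioral signatures above give a hunter concrete things to check on other hosts: the C2 host and port, the Run-key persistence under the configured hives with the install_file name, the vbc.exe child that the "VBS compiler" and SetThreadContext signatures point at, and the sample hashes themselves. The script below is an added example, not part of the sandbox report or of any tooling the report describes; it derives those indicators from the config values copied off this page and runs them over constructed, Sysmon-shaped events. Assumptions it makes: that the dropped copy lives under a directory named by install_dir (so it matches on the trailing `\Windows\chrome.exe` rather than a full path), that the hollowed host is vbc.exe, and that the event field names (`dest_host`, `target`, `details`, `image`, `parent_image`) are the caller's own normalisation. Note the config says `install_flag: false` while the sandbox still observed a Run key being added, so the persistence check is worth keeping even when a config claims installation is off.

```python
import re

# Config values copied verbatim from the report's "Malware Config" block.
CYBERGATE_CONFIG = {
    "c2": "itzh4cked.no-ip.biz:6661",
    "install_dir": "Windows",
    "install_file": "chrome.exe",
    "install_flag": "false",
    "regkey_hkcu": "HKCU",
    "regkey_hklm": "HKLM",
}

# Hashes copied verbatim from the report's "General" block.
SAMPLE_HASHES = {
    "md5": "40e6399922a37801674a6aaa3540070e",
    "sha1": "8b855cca3019772cba5c27e9ec5f3e7b141b0920",
    "sha256": "0b837e6042fcde02f3893fa1912f400b58671c32b4cc66cd3158b63e5fc20685",
}

# Any value written under the per-user or machine Run key.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)


def derive_iocs(cfg):
    """Turn the config fields into concrete host/network indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    # Assumption: the dropped copy sits in a directory literally named
    # install_dir, so we match on the trailing "\<install_dir>\<install_file>".
    drop_suffix = "\\{}\\{}".format(cfg["install_dir"], cfg["install_file"]).lower()
    hives = [cfg[k] for k in ("regkey_hkcu", "regkey_hklm") if cfg.get(k)]
    return {"c2_host": host.lower(), "c2_port": int(port),
            "drop_suffix": drop_suffix, "run_hives": hives}


def match_event(ev, ioc):
    """Return the reasons one normalised event matches the derived IOCs."""
    reasons = []
    kind = ev.get("type")
    if kind == "network":
        if (ev.get("dest_host", "").lower() == ioc["c2_host"]
                and ev.get("dest_port") == ioc["c2_port"]):
            reasons.append("c2_connect")
    elif kind == "registry":
        target = ev.get("target", "")
        hive = target.split("\\", 1)[0].upper()
        value = ev.get("details", "").strip('"').lower()
        if (RUN_KEY_RE.search(target) and hive in ioc["run_hives"]
                and value.endswith(ioc["drop_suffix"])):
            reasons.append("run_key_persistence")
    elif kind == "process":
        # "Uses the VBS compiler for execution" + SetThreadContext: the installed
        # copy spawns vbc.exe and hollows it. Assumption: vbc.exe is the host.
        image = ev.get("image", "").lower()
        parent = ev.get("parent_image", "").lower()
        if image.endswith("\\vbc.exe") and parent.endswith(ioc["drop_suffix"]):
            reasons.append("vbc_hollowing_host")
    elif kind == "file":
        if ev.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
            reasons.append("known_sample_hash")
    return reasons


def triage(events, cfg=CYBERGATE_CONFIG):
    """Run every event against the config-derived IOCs; returns (id, reason) pairs."""
    ioc = derive_iocs(cfg)
    return [(ev["id"], r) for ev in events for r in match_event(ev, ioc)]


# Constructed sample events (not real telemetry), loosely shaped after Sysmon fields.
SAMPLE_EVENTS = [
    {"id": 1, "type": "network", "dest_host": "itzh4cked.no-ip.biz", "dest_port": 6661},
    {"id": 2, "type": "network", "dest_host": "update.example.com", "dest_port": 443},
    {"id": 3, "type": "registry",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU",
     "details": r"C:\Windows\chrome.exe"},
    {"id": 4, "type": "process",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Windows\chrome.exe"},
    {"id": 5, "type": "file", "path": r"C:\Users\u\Downloads\x.exe",
     "sha256": SAMPLE_HASHES["sha256"]},
    {"id": 6, "type": "process",
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for event_id, reason in triage(SAMPLE_EVENTS):
        print(event_id, reason)
```

Event 6 is the legitimate Chrome launch and should not fire; the check keys on the install_file name only in combination with the Run-key write or the vbc.exe child, because a bare `chrome.exe` file name is too common to alert on by itself. The dynamic-DNS C2 host is matched exactly; in practice you would also resolve it at hunt time and pivot on the IP, since no-ip hostnames rotate.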