General
-
Target
502ec1b831135862399d602a0155043f_JaffaCakes118
-
Size
1.3MB
-
Sample
240716-1pnpbsvbpg
-
MD5
502ec1b831135862399d602a0155043f
-
SHA1
046400ed423527888cd8cb30c8928e18bd655f2d
-
SHA256
c1cc43a7e6810870a2a11ff6d4ed58831f6c8aabd5737f05f459f9498651c72e
-
SHA512
5765df3c9b4f1fa61f6fb1c00ca0df8aff65ce4ba810f631455d3bf2f8c30699e8a5eeabf909103e3b126d7126c7a7930f68ce0182637a994c80e74a35d763bc
-
SSDEEP
24576:GP6TWnSgXokeJiDl+380FsSrprK7P/kFVkLWQ5JtsDtMKseJ2yi4vgEBUjR0rWsW:DT0tXuiDlGrrp8P/kFksDtMKlJcCUjRt
Static task
static1
Behavioral task
behavioral1
Sample
502ec1b831135862399d602a0155043f_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
cybergate
2.6
ÖÍíÉ
virusxp.no-ip.biz:188
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_file
windows.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
t?tulo da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
502ec1b831135862399d602a0155043f_JaffaCakes118
-
Suspicious use of SetThreadContext
-