General
- Target: 83d979bbbf2dbb4914aaedf5fa5e4cd8_JaffaCakes118
- Size: 1.1MB
- Sample: 240809-2pc39sshpk
- MD5: 83d979bbbf2dbb4914aaedf5fa5e4cd8
- SHA1: 8622bff19d4dbee74043e00b00822e8b18d5f2eb
- SHA256: 2502d1b127a157236452fc3d227dbb26436cf3f25803f42645872483269709df
- SHA512: 6c5540b49793b1360e417f6757c245485b6723ffb0932c0228b62f353c996280123be937a6ef0eeb811937722eef81d89dbf86f5a5f5f67352ce6f5bcdc9f502
- SSDEEP: 24576:X/556GRwTXdfepmW5Ochghnd13jtpqQ6zgW7z7/UtB5G9+y1:P5564wTYmW5OchgV73jt5SgWHjoB411
- Static task: static1
- Behavioral task: behavioral1
- Sample: 83d979bbbf2dbb4914aaedf5fa5e4cd8_JaffaCakes118.exe
- Resource: win7-20240704-en
Malware Config
Extracted
- cybergate
- v1.07.5
- Cyber
- 127.0.0.1:999
- himikatz.no-ip.org:82
- XCWN170LHNSEM5
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: Winbooterr
- install_file: winlogon.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Remote Administration anywhere in the world.
- message_box_title: CyberGate
- password: soska
Targets
- Target: 83d979bbbf2dbb4914aaedf5fa5e4cd8_JaffaCakes118
- Size: 1.1MB
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory