General
-
Target
878c033313a7cc691ef056cc9b213fad_JaffaCakes118
-
Size
289KB
-
Sample
240810-y7fekawfrp
-
MD5
878c033313a7cc691ef056cc9b213fad
-
SHA1
3bd64d615087b151840c9e8370a0865e48dc3da5
-
SHA256
df165fd39b7c1ac74866aa992de52529b3fc93accc4c3f5b3563847516c08588
-
SHA512
241bf759865be03ba35e823864828ab8f70b10d220bdcb3af4a4e22c77767d7e1238e58542068d18e4ccd53419a7c024606c7d77910662f8d7d42ba346f7a984
-
SSDEEP
6144:+OpslFlqghdBCkWYxuukP1pjSKSNVkq/MVJbh:+wsljTBd47GLRMTbh
Behavioral task
behavioral1
Sample
878c033313a7cc691ef056cc9b213fad_JaffaCakes118.exe
Resource
win7-20240705-en
Malware Config
Extracted
cybergate
v1.07.5
cyber
gleep3r.no-ip.org:82
B2O42NX0MGSF11
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WinDir
-
install_file
Svchost.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
878c033313a7cc691ef056cc9b213fad_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-