General
-
Target
8cb87060d6eea262824ab86867bdf6d4_JaffaCakes118
-
Size
667KB
-
Sample
240812-bh19eayamk
-
MD5
8cb87060d6eea262824ab86867bdf6d4
-
SHA1
aba3db1db01b033a1f3ebaae3906265b55db5c58
-
SHA256
7eb34839917c66129a5e38f8f8a9d027dce28a8e1a1c0ebc4ffef4c520bce8cd
-
SHA512
448dff37cced428d13eb88e0df8110399287dc9c7977c305f29892590b371e4b927734e836ef4e05f356cd92bc133c575269d216c7de69f309cff0876d958dd5
-
SSDEEP
12288:ESK4U2UPvfJlq1eMptmOMWGKayr2vzcUkUq4RHhHUryG8jz5FHp3ExH2:Er4uXhOeMpYpWpaShBMB0uHrBCW
Static task
static1
Behavioral task
behavioral1
Sample
8cb87060d6eea262824ab86867bdf6d4_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
cybergate
2.7 Final
vítima
ahmedahmed.no-ip.info:82
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
8cb87060d6eea262824ab86867bdf6d4_JaffaCakes118
-
Suspicious use of SetThreadContext
-