General

Target: 9efe3ade1e594d657d642ce0d60c9ef0_JaffaCakes118
Size: 312KB
Sample: 240816-s9nk3atale
MD5: 9efe3ade1e594d657d642ce0d60c9ef0
SHA1: 05bf54d02266e1f2f7eaffdd5ce84a04619deca0
SHA256: 1f386f5b5599020748250827524cab302e579cb6b40f618ce475d93188080eef
SHA512: 9d5a54d204f1eda51f11029186aba17119e6b7a9a73595a083ec9ddac7e1dc06c609a9eb1598477dde7f3c0d810e058fc73dcd5317a15c128da25c0f7342b8c9
SSDEEP: 6144:3/gu9KW8BATJXGm3xogV1GU/P/kGDWCIS4yVQmzb:3/jKW1TtGkz3kO94yQ2

Static task: static1
Behavioral task: behavioral1
Sample: 9efe3ade1e594d657d642ce0d60c9ef0_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config

Extracted
Family: cybergate
Version: 2.6
Botnet/campaign ID: vítima ("victim")
C2: 127.0.0.1:81
Mutex: ***MUTnmnEX***

enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: instig
install_file: Wildfer.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem ("message text")
message_box_title: título da mensagem ("message title")
password: abcd1234

Note: the C2 address is the loopback address (127.0.0.1:81), so this build yields no usable network indicator; treat the mutex, the install_dir/install_file names and the explorer.exe injection target as the host-based indicators. The keylogger is enabled but FTP upload of its logs is not, so captured keystrokes stay on the host unless they are pulled over the C2 channel.
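The following is an added example, not code from the report or from CyberGate itself. It parses the flattened key/value dump in the format shown above into typed fields, splits the C2 into host and port and flags a loopback or private C2 as non-routable, and lists the host-based indicators that remain useful when the C2 is a placeholder. The dump is constructed from the values on this page; the labels for the five unlabeled header lines (family, version, campaign, C2, mutex) are an assumption about their order, and the dropped-file path is given relative to install_dir because the parent folder is not in the dump.

```python
import ipaddress
import re

# Added example (not report or CyberGate code). Dump constructed from the page;
# the five unlabeled header lines are assumed to be family, version, campaign,
# C2 and mutex, the usual order in these reports.
CONFIG_DUMP = """\
cybergate
2.6
vítima
127.0.0.1:81
***MUTnmnEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
instig
-
install_file
Wildfer.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
"""

HEADER_FIELDS = ("family", "version", "campaign", "c2", "mutex")  # assumed order


def _coerce(value):
    """'true'/'false' -> bool, all-digit strings -> int, else unchanged."""
    if value.lower() in ("true", "false"):
        return value.lower() == "true"
    return int(value) if value.isdigit() else value


def parse_config(dump):
    """Return {field: typed value} from a dump in the page's key/value layout."""
    lines = [ln.strip() for ln in dump.splitlines() if ln.strip()]
    first_sep = lines.index("-")  # the unlabeled header ends at the first '-'
    header = lines[:first_sep]
    if len(header) != len(HEADER_FIELDS):
        raise ValueError(f"expected {len(HEADER_FIELDS)} header lines, got {len(header)}")
    cfg = dict(zip(HEADER_FIELDS, header))
    body = [ln for ln in lines[first_sep + 1:] if ln != "-"]  # drop separators
    if len(body) % 2:
        raise ValueError("key without a value in config body")
    for key, value in zip(body[::2], body[1::2]):
        cfg[key] = _coerce(value)
    return cfg


def c2_endpoint(cfg):
    """Split host:port; routable is False for loopback/private IP literals."""
    m = re.fullmatch(r"(.+):(\d{1,5})", cfg["c2"])
    if not m:
        raise ValueError(f"unparseable c2 value {cfg['c2']!r}")
    host, port = m.group(1), int(m.group(2))
    try:
        routable = ipaddress.ip_address(host).is_global
    except ValueError:  # a hostname rather than an IP: resolve at hunt time
        routable = True
    return host, port, routable


def host_iocs(cfg):
    """Indicators that stay useful even when the C2 is a placeholder."""
    iocs = {"mutex": cfg["mutex"], "injected_process": cfg["injected_process"]}
    if cfg.get("install_flag"):
        # The parent folder is not in the dump, so the path is install_dir-relative.
        iocs["dropped_file"] = f"{cfg['install_dir']}\\{cfg['install_file']}"
    return iocs
```

Run `parse_config(CONFIG_DUMP)` and pass the result to `c2_endpoint` and `host_iocs`; for this sample the C2 comes back as ("127.0.0.1", 81, False), which is the signal to hunt on the mutex and dropped file rather than on network traffic.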
Targets

Target: 9efe3ade1e594d657d642ce0d60c9ef0_JaffaCakes118 (312KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext: consistent with the explorer.exe injection target (injected_process) in the extracted config.