General
-
Target
a219ef3141cddfcf5832d638bf96a918_JaffaCakes118
-
Size
364KB
-
Sample
240817-lzkm4azcma
-
MD5
a219ef3141cddfcf5832d638bf96a918
-
SHA1
ec4d10b80c60a1979649fbe5523cabc678f06776
-
SHA256
ac0a264730749bbb0c089d4477d2d5eab84461c935d968a9c33623a29f5bbfa2
-
SHA512
d4e83c002079ee7a0b4c2cebfebcae47e0201d4ce316493d2421647fa7cc89ddcc0e47d4d3934f99c25550663f402e4bfe46753a8b5406239c142bc6e7b8bc40
-
SSDEEP
6144:tHN1cRDDVWZcJf2iDG/0yUUQGfinZPJd+Nm8WhF+s/0CHrYmCBAi/bgdSByYnuy:tHCgqG/iZPJdj8wuCLYmCBAO9yU
Behavioral task
behavioral1
Sample
a219ef3141cddfcf5832d638bf96a918_JaffaCakes118.exe
Resource
win7-20240729-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:82
mrrochdi.no-ip.info:82
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
a219ef3141cddfcf5832d638bf96a918_JaffaCakes118
-
Size
364KB
-
MD5
a219ef3141cddfcf5832d638bf96a918
-
SHA1
ec4d10b80c60a1979649fbe5523cabc678f06776
-
SHA256
ac0a264730749bbb0c089d4477d2d5eab84461c935d968a9c33623a29f5bbfa2
-
SHA512
d4e83c002079ee7a0b4c2cebfebcae47e0201d4ce316493d2421647fa7cc89ddcc0e47d4d3934f99c25550663f402e4bfe46753a8b5406239c142bc6e7b8bc40
-
SSDEEP
6144:tHN1cRDDVWZcJf2iDG/0yUUQGfinZPJd+Nm8WhF+s/0CHrYmCBAi/bgdSByYnuy:tHCgqG/iZPJdj8wuCLYmCBAO9yU
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in System32 directory
-