General
Target: a272083a2fb45da5a9a7a2d0ade9c7d4_JaffaCakes118
Size: 481KB
Sample: 240817-n6w1tathnc
MD5: a272083a2fb45da5a9a7a2d0ade9c7d4
SHA1: 45a5384134397f61c34d5be02bbd0b1e3e17752e
SHA256: 64dca7cda24b35f0f4a96baede9ac5b690f12279cbab266edf0cd92d88187b76
SHA512: a8731535eda9c148ef52bb03ded8c7130e304d3973b57f83f4df5fc99f99a0b1993cf70555fc60e16333ef93c3bca9f1aa35206b1ad099a2a4cb58bac87f3c4a
SSDEEP: 12288:/wFz27OaZXEZtTdx7/0BQW/BT2xVORokp:/2KREZN/7NQqm
Static task: static1
Behavioral task: behavioral1
Sample: a272083a2fb45da5a9a7a2d0ade9c7d4_JaffaCakes118.exe
Resource: win7-20240705-en
Malware Config
Extracted
cybergate
2.7 Final
vítima
127.0.0.1:81
***MUTEX***
enable_keylogger: false
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
Targets
Target: a272083a2fb45da5a9a7a2d0ade9c7d4_JaffaCakes118
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Suspicious use of SetThreadContext
-