Behavioral task
behavioral1
Sample
b773a3a0c3df48de9f2a487a87e7c11c_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
b773a3a0c3df48de9f2a487a87e7c11c_JaffaCakes118
-
Size
332KB
-
MD5
b773a3a0c3df48de9f2a487a87e7c11c
-
SHA1
ce398d6ac3950cfcc29573fd1ecbe0cba937d8bd
-
SHA256
9010cda7e2d9d9a47b9a8ae76573fb643a53fad3fae1166e38755cac0eef04aa
-
SHA512
cdcaaa6a2964a5814be966812c894f47849115000bd247cbcd9c8082c3365cb5c2ae91689a188c9ef6b24f04d3ab6891908c7ac4eab58fb878e07353156acaf5
-
SSDEEP
6144:/mcD66RZ5JGmrpQsK3RD2u270jupCJsCxCxIdkO:ucD66qZ2zkPaCxy
Malware Config
Extracted
cybergate
2.6
Server
aaaasdeqqqqqq.no-ip.biz:80
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
spynet
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
Signatures
Files
-
b773a3a0c3df48de9f2a487a87e7c11c_JaffaCakes118.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 270KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE