General
Target: cdce36b8d22551e24e9ab05bd52e8d45_JaffaCakes118
Size: 1.2MB
Sample: 240831-3h2cyssand
MD5: cdce36b8d22551e24e9ab05bd52e8d45
SHA1: f86599cb972c8415173c575b2b2dc9c38a940b55
SHA256: 69962aedbb6c4d4ed5f368d7758e9b1e8bba98369608e6e9cd48d3682469d1e8
SHA512: 898cbaca65d23cd20bba37e36afacae0fc4fbd860acf5777ab184acaa2b073ad523f46aa60651ab388193ce57eb93ec1064b2fe1414b1fb7452d40538955a714
SSDEEP: 3072:gmz4yjZIybYwEOCMRqWZAmDrlYSRcqzuD+s1IahUfBYR8jJPz2qJs9mTb4qHCSJs:gmZxWd

Static task: static1
Behavioral task: behavioral1
Sample: cdce36b8d22551e24e9ab05bd52e8d45_JaffaCakes118.exe
Resource: win7-20240729-en
Malware Config
Extracted
cybergate
v1.18.0 - Trial version
remote: ali70.no-ip.biz:999
WM7NR632JU3GL4
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs
ftp_interval: 30
injected_process: svchost.exe
install_dir: rety
install_file: massnger.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: cybergate
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: cdce36b8d22551e24e9ab05bd52e8d45_JaffaCakes118
Size: 1.2MB
MD5: cdce36b8d22551e24e9ab05bd52e8d45
SHA1: f86599cb972c8415173c575b2b2dc9c38a940b55
SHA256: 69962aedbb6c4d4ed5f368d7758e9b1e8bba98369608e6e9cd48d3682469d1e8
SHA512: 898cbaca65d23cd20bba37e36afacae0fc4fbd860acf5777ab184acaa2b073ad523f46aa60651ab388193ce57eb93ec1064b2fe1414b1fb7452d40538955a714
SSDEEP: 3072:gmz4yjZIybYwEOCMRqWZAmDrlYSRcqzuD+s1IahUfBYR8jJPz2qJs9mTb4qHCSJs:gmZxWd

- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)