General
Target: d55404aaec7fd0c415837c48a2046b8c_JaffaCakes118
Size: 836KB
Sample: 240908-31xgqasakr
MD5: d55404aaec7fd0c415837c48a2046b8c
SHA1: 658718a2953e3ec9e4a46d200d22c38fb62fe098
SHA256: 8a1d498351a55360bbbff1539244a056bf80fe9fe35478562620b5ab0cf02041
SHA512: 8249494229151847f06b088c40db962aba23d81cfcd8cec1d80ab8db5f4f82109178d736e13ee9a5b300eff4428fa0a4d0cbd6108086571df453210a47247557
SSDEEP: 12288:S2jZpCWBL+UzWnjIsCs4hKICvBLKSVeKHKKS+jEai0F/uRAna3XZIDkKM8e2WT2W:5TOCxg0ZXwS2Jp4Y

Static task: static1
Behavioral task: behavioral1
Sample: d55404aaec7fd0c415837c48a2046b8c_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: cybergate v1.07.5
remote: marklemstar.hopto.org:823
0CH63EXVO33BMQ
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 2105598
Targets
Target: d55404aaec7fd0c415837c48a2046b8c_JaffaCakes118
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext