General
Target: d554369e5387c32325624baef73c5e15_JaffaCakes118
Size: 293KB
Sample: 240909-aabhcavane
MD5: d554369e5387c32325624baef73c5e15
SHA1: 94dca3f3758a1693e7c7831070ded5079794d3ed
SHA256: f155f5f37997e49fc37c860fe52b59b15579a47aa0a03a611530dc643ce94d2a
SHA512: 1401a66b024741a57936b8f910adc877a29d6b78b889e12961148d1655f4c8b53b26c448587afc725b2a160ba523d0f9faed395c451c9aa74bdacc2e249186f3
SSDEEP: 6144:6A4udNbQfF/dQ29u4jMgdaGkjn1XNOF4+HKGjKopqV7Q7P+wqAz:f4uXQfF1l9NjMgdo1+4T76E7Q7l
Static task: static1
Behavioral task: behavioral1
Sample: d554369e5387c32325624baef73c5e15_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: d554369e5387c32325624baef73c5e15_JaffaCakes118.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
cybergate
2.5
vítima
dasdasdas.zapto.org:8080
mierda.no-ip.org:8080
asdd.zapto.org:8080
***MUTEX***
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: dir8558.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Ha ocurrido un error al intentar abrir el archivo, esto puede ser debido a un problema de compatibilidad. Pruebe ejecutando el archivo en modo compatible con su sistema operativo.
message_box_title: Error 4x223
password: 1234
regkey_hkcu: HKCU
regkey_hklm: HKLM
Targets
Target: d554369e5387c32325624baef73c5e15_JaffaCakes118
Size: 293KB
MD5: d554369e5387c32325624baef73c5e15
SHA1: 94dca3f3758a1693e7c7831070ded5079794d3ed
SHA256: f155f5f37997e49fc37c860fe52b59b15579a47aa0a03a611530dc643ce94d2a
SHA512: 1401a66b024741a57936b8f910adc877a29d6b78b889e12961148d1655f4c8b53b26c448587afc725b2a160ba523d0f9faed395c451c9aa74bdacc2e249186f3
SSDEEP: 6144:6A4udNbQfF/dQ29u4jMgdaGkjn1XNOF4+HKGjKopqV7Q7P+wqAz:f4uXQfF1l9NjMgdo1+4T76E7Q7l
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Suspicious use of SetThreadContext