General
-
Target
d593a5d6558a2ea2768d9862983c76c0_JaffaCakes118
-
Size
901KB
-
Sample
240909-dwwxysygnq
-
MD5
d593a5d6558a2ea2768d9862983c76c0
-
SHA1
826ea32d07eb0a54d0d1823b542c205cc270a2be
-
SHA256
fbed47d48b5852f0e243ed1c5675a9baccd7a5a27e20454d53eddc8975667456
-
SHA512
cd4b5d2900f121efd2670a2686d23354cb635ca9f51e33cdb5d1dd544bd3ddb59b5e71c829ee08a1217dd519cef7b9fc4d0248f7e1e6363818868b7e0ec4c232
-
SSDEEP
24576:6zq+LtXVERKGMUT7ZaclhgV6x74YW6XR9WMdvXaPN:6zq+xXVyKGMc7MUQ6JXmM5YN
Behavioral task
behavioral1
Sample
Hack comptes Steam/Hack comptes Steam.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Hack comptes Steam/Hack comptes Steam.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Hack comptes Steam/mozsqlite3.dll
Resource
win7-20240903-en
Malware Config
Extracted
cybergate
2.7 Final
vítima
78.243.80.47:80
78.243.80.47:81
78.243.80.47:82
78.243.80.47:83
geekattitude.dyndns-ip.com:80
geekattitude.dyndns-ip.com :81
geekattitude.dyndns-ip.com :82
geekattitude.dyndns-ip.com :83
192.168.0.16:80
192.168.0.16:81
192.168.0.16:82
192.168.0.16:83
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Hack comptes Steam
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Nous sommes en train de vous séléctionner un compte Steam à partir de notre base de données. VEUILLEZ PATIENTEZ. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
-
message_box_title
Hack comptes Steam
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
Hack comptes Steam/Hack comptes Steam.exe
-
Size
1.4MB
-
MD5
b47184afa534f3e5e2662dc1d54f8fb0
-
SHA1
1674177ce7d692bd5dcd3a12b997c6018e7cd315
-
SHA256
f213877df37706aeb01c63715436ceb910d68a78a39cbbb02e1211a093118c26
-
SHA512
a649d3c6bd0685359a57d76cbf4f86712acec035b7d4a3746b1d7d69fb43e64a590fccebd4cd16a1de8310e4b4e23ce65478b4c266d90cb0fdf77360e5695620
-
SSDEEP
24576:PwQWJ4pctFUwAHQIwEjjiooq+WJ4pctFUwAHQIwEjjiooqsLtwCc26uGi2VCHXSF:2JsctFT8jiooq7JsctFT8jiooqsLWpYU
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
Hack comptes Steam/mozsqlite3.dll
-
Size
171KB
-
MD5
744dcc4cbbfbb18fe3878c4e769ec48f
-
SHA1
c1f2c56ee2d91203a01d3465f185295477a1217d
-
SHA256
33eb31a2a576e663474a895ff0190316c64a93d9ce05a55df0d53f9beeb61163
-
SHA512
706630be2ca09e574a7794e32e515a0a3f993643d034647b8cb976c1e7045e87e30362757cc65fcdb95f4a4327f0dcda3edc82ba84e5ed9115870a037e13af21
-
SSDEEP
3072:4yOtgCNPbAHuzueAlwsKmiiEHpmBt7tjBwHH1ELXvSsmB8teUOhKJz4ZKJNCT1xe:FOtRsOz2xKmGH8JBwn+2smB1Uf8Kurb
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1