General
Target: d670d3eb5f129515e38e6d911a7fa7a7_JaffaCakes118
Size: 404KB
Sample: 240909-q4jnta1ekq
MD5: d670d3eb5f129515e38e6d911a7fa7a7
SHA1: 57233f0784f735526271a0c8e06ad62c7d6d5e1a
SHA256: a98875ef2c5db121fa06ab3263e6f5f54d0f5013b0d43d96fa3179a60ed90a8c
SHA512: 46add9b899b5d2fd5cb1ef57a6c7bf54fc915dda5b07f9868354691c4c59d6198445ccc308143e66658c1ffdc9e7bf2adb4ca8a7cf17146b8dfd95ade677b7d8
SSDEEP: 12288:qZNh9U9+1mWHY/inYVSIajboeCOa+WVE9snG/FLEU9:qQauiYVSLjbUOa+W7nG/FLEU9
Static task: static1
Behavioral task: behavioral1
  Sample: d670d3eb5f129515e38e6d911a7fa7a7_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d670d3eb5f129515e38e6d911a7fa7a7_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted
cybergate
2.6
vítima
xzx2010.no-ip.org:81
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
Targets
Target: d670d3eb5f129515e38e6d911a7fa7a7_JaffaCakes118
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (2)
  Subvert Trust Controls (1)
    SIP and Trust Provider Hijacking (1)