General

Target: d6e16504b793c7a63897e0d398a4f8ea_JaffaCakes118
Size: 2.7MB
Sample: 240909-w7pbcsshqp
MD5: d6e16504b793c7a63897e0d398a4f8ea
SHA1: d64355b46894ab022bb558fc5495414b55c8ffd0
SHA256: cb7ca3bdfc9ab600d548564d80aed0f3731e4a5e1f6cf1f554d923872c11a77d
SHA512: 545c5f74178ebaa9131c59ad00a118be4a0962a7b70eb86033ea8ce2e847a5ef7de57771d162f0d43c82597641e46f5552df82b7bf0981c17a8ff79ea7a23c17
SSDEEP: 49152:IrSo4KONtojoco2xHoGvYYYYYYYYYYYRYYYYYYYYYYrkIEA7/eFG:IrIYjk22GvYYYYYYYYYYYRYYYYYYYYYT
Static task: static1
Behavioral task: behavioral1
Sample: d6e16504b793c7a63897e0d398a4f8ea_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config

Extracted: cybergate v3.4.2.2
remote: asade.no-ip.org:25565
        A6F405Y273QX48 (second value listed under remote without its own field name)
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs
ftp_interval: 30
injected_process: explorer.exe
install_dir: zczx
install_file: assf
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: cybergate
regkey_hkcu: svchost
regkey_hklm: skype
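The config above is only useful once it is turned into things an analyst can hunt for: the C2 endpoint (and the fact that it sits on a dynamic-DNS domain), the Run-key value names, the install path fragment, and the caveats that install_flag is false and keylogger FTP upload is off. The following script is an added example written for this page, not output of the sandbox or of the CyberGate family itself. It embeds the extracted values as a constructed dict; the Run-key paths, the dynamic-DNS suffix list and the interpretation of install_flag are assumptions labelled in the code, and the unlabelled second "remote" value is kept as an opaque token rather than guessed at.

```python
"""Derive hunting indicators from the CyberGate config extracted on this page."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed from the Malware Config section above. The second 'remote' entry
# appears on the page without a field name, so it is carried as an opaque token.
EXTRACTED_CONFIG = {
    "version": "v3.4.2.2",
    "remote": ["asade.no-ip.org:25565", "A6F405Y273QX48"],
    "enable_keylogger": True,
    "enable_message_box": False,
    "ftp_directory": "./logs",
    "ftp_interval": 30,
    "injected_process": "explorer.exe",
    "install_dir": "zczx",
    "install_file": "assf",
    "install_flag": False,
    "keylogger_enable_ftp": False,
    "message_box_caption": "Remote Administration anywhere in the world.",
    "message_box_title": "CyberGate",
    "password": "cybergate",
    "regkey_hkcu": "svchost",
    "regkey_hklm": "skype",
}

# Assumption: dynamic-DNS suffixes worth flagging because the resolved IP can change.
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.biz", "zapto.org", "hopto.org", "ddns.net")

# Assumption: the page gives only value names; these are the Run keys to check them under.
RUN_KEYS = {
    "regkey_hkcu": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "regkey_hklm": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
}

HOST_PORT = re.compile(r"^(?P<host>[A-Za-z0-9.-]+):(?P<port>\d{1,5})$")


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int
    dynamic_dns: bool


def parse_remote(cfg: dict) -> tuple[list[C2Endpoint], list[str]]:
    """Split 'remote' into valid host:port endpoints and leftover tokens."""
    endpoints, leftovers = [], []
    for entry in cfg["remote"]:
        m = HOST_PORT.match(entry)
        if not m or not 1 <= int(m["port"]) <= 65535:
            leftovers.append(entry)
            continue
        host = m["host"].lower()
        endpoints.append(C2Endpoint(host, int(m["port"]), host.endswith(DYNDNS_SUFFIXES)))
    return endpoints, leftovers


def host_indicators(cfg: dict) -> dict:
    """Registry values and file-name fragments to hunt for, with the install_flag caveat."""
    registry = [f"{RUN_KEYS[k]}\\{cfg[k]}" for k in RUN_KEYS if cfg.get(k)]
    return {
        "registry_run_values": registry,
        "install_path_fragment": f"{cfg['install_dir']}\\{cfg['install_file']}",
        # Assumption: install_flag=false means the build does not copy itself or
        # write the Run values, so the entries above may never appear on a victim.
        "persistence_expected": bool(cfg["install_flag"]),
        "injected_process": cfg["injected_process"],
    }


def triage_notes(cfg: dict) -> list[str]:
    """Short observations an analyst would record from this config."""
    notes = []
    if cfg["enable_keylogger"]:
        ftp = "enabled" if cfg["keylogger_enable_ftp"] else "disabled"
        notes.append(f"keylogger on; FTP upload {ftp} "
                     f"(ftp_directory={cfg['ftp_directory']}, ftp_interval={cfg['ftp_interval']})")
    if not cfg["enable_message_box"]:
        notes.append("decoy message box disabled: no visible prompt on execution")
    if cfg["password"].lower() == "cybergate":
        notes.append("C2 password is the family name itself, suggesting builder defaults")
    if cfg["injected_process"]:
        notes.append(f"payload configured to run inside {cfg['injected_process']}; "
                     "consistent with the SetThreadContext signature on this target")
    return notes


if __name__ == "__main__":
    endpoints, extra = parse_remote(EXTRACTED_CONFIG)
    for e in endpoints:
        print(f"C2 {e.host}:{e.port} dynamic_dns={e.dynamic_dns}")
    print("unlabelled tokens:", extra)
    print(host_indicators(EXTRACTED_CONFIG))
    print("\n".join(triage_notes(EXTRACTED_CONFIG)))
```

Run it as-is to get the indicator set for this sample; to reuse it on another CyberGate report, replace EXTRACTED_CONFIG with that report's values. The dynamic_dns flag is the reason to block on hostname rather than on whatever IP the sandbox happened to resolve.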
Targets

Target: d6e16504b793c7a63897e0d398a4f8ea_JaffaCakes118
Size: 2.7MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures:
  Suspicious use of SetThreadContext