General
Target: d7da489a148a4d6b965f5c5f02bd4405_JaffaCakes118
Size: 454KB
Sample: 240910-jz7rhsvfqe
MD5: d7da489a148a4d6b965f5c5f02bd4405
SHA1: 9fc8029af2dab30f9251e9084021a15dda5f9605
SHA256: 43fd8c5fe054a7b8a637331949d8710f75ff8b1f94438eddf256e609abf5153c
SHA512: f3e483e45938eef7942f904af22fa6eb90eaff0c16d0d79aee6ab564b67e97eaac4ff3fe8d4892c5c5dc94a623bf5bf1f5f57954bf19920b482ecc3628c22ce1
SSDEEP: 6144:bpwcQy9+hHdPqYwXrxuXfUb1KhbW2khWCN3D9jWHx7lW5DxQ7Jbw1QmyP:bpCy4hHdm7xuXf5cHWAcSQu4
Behavioral task: behavioral1
Sample: d7da489a148a4d6b965f5c5f02bd4405_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:81
jocker-hacker.no-ip.biz:81
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
ftp_password: ª÷Öº+Þ
ftp_port: 21
ftp_server: ftp.server.com
ftp_username: ftp_user
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: true
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
Targets
Target: d7da489a148a4d6b965f5c5f02bd4405_JaffaCakes118
Size: 454KB
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
-
MITRE ATT&CK Enterprise v15
- Persistence: Boot or Logon Autostart Execution (2)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)
- Privilege Escalation: Boot or Logon Autostart Execution (2)
  Active Setup (1)
  Registry Run Keys / Startup Folder (1)