General
-
Target
e1d46e265901437288682c6e53136835_JaffaCakes118
-
Size
652KB
-
Sample
240915-glc9msydmd
-
MD5
e1d46e265901437288682c6e53136835
-
SHA1
8275d692595b69c8619174add2450fb50182f95b
-
SHA256
a9705bb94503655ef419f1e6e94e3b924d206cd2f031f9fa541c9776a1c99dfe
-
SHA512
c44b0eb6152ef58e022b9a5f7c5187abe669cef3f63bbb816ce5229b75d734144a3e8b1427c57dde34e437a7de5f4d59ca7d1a72d7a55b411fda80555f91faca
-
SSDEEP
12288:UrxAG4uaINOH5IoOdVFJxBafiximZ+XbxV5dt+ViSU+vl35HGVfoRMMDMMuG+xES:UGXuboOdVFJ2fixNMXbzUiSVNpKfoRMh
Static task
static1
Behavioral task
behavioral1
Sample
e1d46e265901437288682c6e53136835_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
cybergate
v1.18.0 - Crack Version
remote
almm.no-ip.biz:999
7LRV2U5X7C0207
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
svchost.exe
-
install_dir
Microsoft
-
install_file
update.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
8899
-
regkey_hkcu
update
-
regkey_hklm
EDIT
Targets
-
-
Target
e1d46e265901437288682c6e53136835_JaffaCakes118
-
Size
652KB
-
MD5
e1d46e265901437288682c6e53136835
-
SHA1
8275d692595b69c8619174add2450fb50182f95b
-
SHA256
a9705bb94503655ef419f1e6e94e3b924d206cd2f031f9fa541c9776a1c99dfe
-
SHA512
c44b0eb6152ef58e022b9a5f7c5187abe669cef3f63bbb816ce5229b75d734144a3e8b1427c57dde34e437a7de5f4d59ca7d1a72d7a55b411fda80555f91faca
-
SSDEEP
12288:UrxAG4uaINOH5IoOdVFJxBafiximZ+XbxV5dt+ViSU+vl35HGVfoRMMDMMuG+xES:UGXuboOdVFJ2fixNMXbzUiSVNpKfoRMh
-
Adds policy Run key to start application
Persistence through the Policies\Explorer\Run key, which Explorer runs at logon like the ordinary Run key but which many autorun checks overlook.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine; an Installed Components StubPath is executed once per user at logon.
-
Adds Run key to start application
Persistence through a CurrentVersion\Run value. The config's regkey_hkcu and regkey_hklm fields (update, EDIT) are the value names to look for, and install_dir / install_file (Microsoft, update.exe) name the dropped binary.
-
Suspicious use of SetThreadContext
Flagged because SetThreadContext on a suspended thread is the step that redirects execution into code written into another process (the process-hollowing / RunPE pattern). Read together with the config's injected_process value (svchost.exe): expect the payload to run inside a spawned svchost.exe rather than in the dropped update.exe itself.
-
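Worked example added to this report (not code from the sandbox vendor or from CyberGate) that turns the extracted config above into hunt indicators and runs them over `reg query`-style output to spot the Run, policy Run and Active Setup entries the signatures describe. The registry dump is constructed for the example and its file paths are invented; the assumption that "policy Run key" means Policies\Explorer\Run is marked in the code.

```python
"""Added worked example for this report (not the sandbox's or CyberGate's code):
derive hunt indicators from the extracted CyberGate config and check
`reg query /s` output for the autostart entries the signatures describe."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Key/value pairs copied from the "Malware Config" block of this report.
REPORT_CONFIG: Dict[str, str] = {
    "remote": "almm.no-ip.biz:999",
    "injected_process": "svchost.exe",
    "install_dir": "Microsoft",
    "install_file": "update.exe",
    "install_flag": "true",
    "regkey_hkcu": "update",
    "regkey_hklm": "EDIT",
    "enable_keylogger": "true",
    "password": "8899",
}

# Autostart locations behind the report's three persistence signatures
# (lower-cased path fragments). Assumption: "policy Run key" refers to
# ...\Policies\Explorer\Run.
AUTOSTART_KEY_FRAGMENTS = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\policies\explorer\run",
    r"\microsoft\active setup\installed components",
)


def parse_remote(remote: str) -> Tuple[str, int]:
    """Split CyberGate's 'host:port' C2 string; reject a missing or non-numeric port."""
    host, sep, port = remote.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"expected host:port, got {remote!r}")
    return host, int(port)


@dataclass
class Indicators:
    c2_host: str
    c2_port: int
    value_names: List[str]   # registry value names the implant registers
    install_file: str        # name of the dropped binary
    injected_process: str    # process the payload is injected into


def build_indicators(cfg: Dict[str, str]) -> Indicators:
    """Reduce the raw config to the fields a hunter actually pivots on."""
    host, port = parse_remote(cfg["remote"])
    names = [cfg[k] for k in ("regkey_hkcu", "regkey_hklm") if cfg.get(k)]
    return Indicators(host, port, names, cfg["install_file"], cfg["injected_process"])


# Value lines in `reg query /s` output: name, REG_* type, data, separated by runs of spaces.
_VALUE_RE = re.compile(r"^\s+(\S.*?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")


def _exe_basename(data: str) -> str:
    """Basename of the executable in a Run/StubPath value, quoted or not, ignoring arguments."""
    d = data.strip()
    if d.startswith('"'):
        d = d[1:].split('"', 1)[0]
    else:
        d = d.split(" ", 1)[0]
    return d.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_persistence(reg_query_output: str, ind: Indicators) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) for autostart values tied to the implant:
    either the value name is one CyberGate registers, or the data points at install_file."""
    hits: List[Tuple[str, str, str]] = []
    current_key = ""
    wanted_names = {n.lower() for n in ind.value_names}
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):          # a key path line; values follow it
            current_key = line.strip()
            continue
        m = _VALUE_RE.match(line)
        if not m:
            continue
        name, _type, data = m.groups()
        if not any(frag in current_key.lower() for frag in AUTOSTART_KEY_FRAGMENTS):
            continue                           # not an autostart location
        if name.lower() in wanted_names or _exe_basename(data) == ind.install_file.lower():
            hits.append((current_key, name, data.strip()))
    return hits


# Constructed sample of `reg query ... /s` output; paths are invented for the example.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    update    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\update.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    EDIT    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\update.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}
    StubPath    REG_SZ    C:\Users\alice\AppData\Roaming\Microsoft\update.exe
    IsInstalled    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo
    DisplayName    REG_SZ    update.exe
"""

if __name__ == "__main__":
    ind = build_indicators(REPORT_CONFIG)
    print(f"C2: {ind.c2_host}:{ind.c2_port}  injected into: {ind.injected_process}")
    for key, name, data in find_persistence(SAMPLE_REG_QUERY, ind):
        print(f"[persistence] {key}  {name} = {data}")
```

On a live host, feed the function the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion /s` and the HKLM Active Setup key; the Uninstall entry in the sample shows that a matching file name outside an autostart location is deliberately not reported.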
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution, T1547 (3 matches)
  Active Setup, T1547.014 (1)
  Registry Run Keys / Startup Folder, T1547.001 (2)
Privilege Escalation
Boot or Logon Autostart Execution, T1547 (3 matches)
  Active Setup, T1547.014 (1)
  Registry Run Keys / Startup Folder, T1547.001 (2)