General
-
Target
e2ab1db63f5687515fe299e10cccaa0a_JaffaCakes118
-
Size
407KB
-
Sample
240915-rhq2faxgpr
-
MD5
e2ab1db63f5687515fe299e10cccaa0a
-
SHA1
cac742f61b1bd65826230ce6dff6df4640af0a96
-
SHA256
1c072f68b3f2b6c3148d98f94766bb8b80b4b0601c6f4c3dc6de07a342ba4da6
-
SHA512
c001f1d894646df6d8685a62248c084ab92ac175e5892972abf9bb442b412161f7a664cc750a1a0fa2b30c7cf72cffdf53b2bd6ade80740cd7b17fff37583c4d
-
SSDEEP
12288:ImNI7be0p/3xz8uuU65vU9cgJ4P2KQc9e:ImNI7hpcDltgJ4+Kg
Static task
static1
Behavioral task
behavioral1
Sample
e2ab1db63f5687515fe299e10cccaa0a_JaffaCakes118.exe
Resource
win7-20240708-en
Malware Config
Extracted
cybergate
v1.07.5
remote
jir.zapto.org:3333
71XIBX41MC403J
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WinDir
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
cybergate
Targets
-
-
Target
e2ab1db63f5687515fe299e10cccaa0a_JaffaCakes118
-
Size
407KB
-
MD5
e2ab1db63f5687515fe299e10cccaa0a
-
SHA1
cac742f61b1bd65826230ce6dff6df4640af0a96
-
SHA256
1c072f68b3f2b6c3148d98f94766bb8b80b4b0601c6f4c3dc6de07a342ba4da6
-
SHA512
c001f1d894646df6d8685a62248c084ab92ac175e5892972abf9bb442b412161f7a664cc750a1a0fa2b30c7cf72cffdf53b2bd6ade80740cd7b17fff37583c4d
-
SSDEEP
12288:ImNI7be0p/3xz8uuU65vU9cgJ4P2KQc9e:ImNI7hpcDltgJ4+Kg
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-