General
Target: e6cc34a79ab17b9f42d37580b7282470_JaffaCakes118
Size: 2.1MB
Sample: 240917-pd9xmsseml
MD5: e6cc34a79ab17b9f42d37580b7282470
SHA1: 79767caf05b422eb1ae6cc626a8d52388399f22c
SHA256: e895a3153f4d3cf0583454bab02acb6eee42b4e913a34d3aed81d4ab55c4cbb1
SHA512: 0c4105bed44c480c2925dacfa15928fb3d2e56dd0d05dd1c46c55934abadf579920a9bff8e5d0df85b02cf1d3e393e09c9943e9e7fd7780360d02a04ecc1a3ba
SSDEEP: 49152:D3Amrj8UBRV69x8OgpG92rHAlqcSjVYqiJj6SyyV:prrBR49NoicglgjVSJjrdV
Static task: static1
Behavioral task: behavioral1
Sample: e6cc34a79ab17b9f42d37580b7282470_JaffaCakes118.exe
Resource: win7-20240903-en
Malware Config
Extracted: cybergate v1.07.0
remote: shoujukan24.servehttp.com:80
6FSH3577U21I74
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: svchost.exe
install_dir: driver
install_file: smss.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 758221
Targets
Target: e6cc34a79ab17b9f42d37580b7282470_JaffaCakes118
Size: 2.1MB
MD5: e6cc34a79ab17b9f42d37580b7282470
SHA1: 79767caf05b422eb1ae6cc626a8d52388399f22c
SHA256: e895a3153f4d3cf0583454bab02acb6eee42b4e913a34d3aed81d4ab55c4cbb1
SHA512: 0c4105bed44c480c2925dacfa15928fb3d2e56dd0d05dd1c46c55934abadf579920a9bff8e5d0df85b02cf1d3e393e09c9943e9e7fd7780360d02a04ecc1a3ba
SSDEEP: 49152:D3Amrj8UBRV69x8OgpG92rHAlqcSjVYqiJj6SyyV:prrBR49NoicglgjVSJjrdV
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)
Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Active Setup (1)
    Registry Run Keys / Startup Folder (1)