General
Target: 1176a95bb949f4aac0cbd6525e5dc4cd_JaffaCakes118
Size: 321KB
Sample: 241004-czcg2szcqm (analysis ID)
MD5: 1176a95bb949f4aac0cbd6525e5dc4cd
SHA1: 83dd79bdc36f7a98a7867ee3415425f2e6e90f95
SHA256: 25158742937c8d6e4cf2c6b6d14de895924beddc075c332a6d7b1ff48a6f2151
SHA512: dc53ce0f53925cad5d930611d262c26f876ee246596fbce3c7914262d9ff9f91c4f59b64f38d92c9b5347d701c6fc18df21ddf6b9a756e93d9dd6975e50f834e
SSDEEP: 6144:cFKoZTPsAbPN7tcWKRBl6ZslM/UNhPlajVeKlg0MoS3m6lPDm3vhJmyTI+uSoS:cFKisArR+WAB0yyUDNablg26hC3fJU+v

Static task: static1
Behavioral task: behavioral1
Sample: 1176a95bb949f4aac0cbd6525e5dc4cd_JaffaCakes118.exe
Resource: win7-20240903-en (analysis VM image)
Malware Config
Extracted
Family: cybergate
Version: v1.07.5
Botnet: Dark
C2: svcdns.zapto.org:1338 (zapto.org is a dynamic-DNS domain, so the resolved IP is not a stable indicator; block and alert on the hostname)
Mutex: QQR1PER374014X
Attributes:
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: cybergate (CyberGate's default connection password)
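The hashes and C2 endpoint above are the indicators a responder would act on first. The following is an added example, not part of the sandbox report: it verifies that a file on disk is the reported sample (all three hashes must agree) and matches a DNS/connection log stream against the C2. The log line grammar is an assumption made for the example, and the log lines themselves are constructed, not observations from the report. The matching keys on the queried name rather than an IP, because the zapto.org name is dynamic DNS, and only treats a connection to port 1338 as corroborating when the same endpoint resolved the C2 name.

```python
"""Hash verification and network IOC matching for the CyberGate sample above.
Added example, not part of the sandbox report; log formats are assumed."""
import hashlib
import io
import re

# Copied from the report: file hashes (General) and the C2 endpoint (Malware Config).
SAMPLE_HASHES = {
    "md5": "1176a95bb949f4aac0cbd6525e5dc4cd",
    "sha1": "83dd79bdc36f7a98a7867ee3415425f2e6e90f95",
    "sha256": "25158742937c8d6e4cf2c6b6d14de895924beddc075c332a6d7b1ff48a6f2151",
}
C2_HOST = "svcdns.zapto.org"
C2_PORT = 1338


def hash_stream(fh):
    """Return {md5, sha1, sha256} of a binary stream, read in 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def is_reported_sample(path):
    """True only if every hash matches; a single mismatch means a different file."""
    return hash_file(path) == SAMPLE_HASHES


# Assumed minimal log grammar (one DNS query line, one connection line per event).
# Real feeds (Sysmon DNS events, Zeek dns.log/conn.log, firewall syslog) differ
# only in field names.
DNS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) dns_query name=(?P<name>\S+)$")
CONN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) conn dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")

# Constructed log lines for illustration, not observations from the report.
SAMPLE_LOGS = [
    "2024-10-04T12:00:01Z WS01 dns_query name=svcdns.zapto.org",
    "2024-10-04T12:00:02Z WS01 conn dst=198.51.100.7 dport=1338",
    "2024-10-04T12:00:05Z WS02 dns_query name=update.microsoft.com",
    "2024-10-04T12:00:09Z WS02 conn dst=203.0.113.9 dport=443",
    "2024-10-04T12:05:00Z WS03 conn dst=203.0.113.44 dport=1338",
]


def find_c2_hits(lines):
    """Return (host, reason) pairs for endpoints that touched the C2.

    The C2 IP behind a dynamic-DNS name changes, so the queried name is the
    indicator. A connection to the C2 port counts only on an endpoint that
    resolved the name first; a lone connection to 1338 (WS03) is not reported.
    """
    hits = []
    resolved_on = set()
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            if m["name"].lower().rstrip(".") == C2_HOST:
                hits.append((m["host"], "dns_query_for_c2_name"))
                resolved_on.add(m["host"])
            continue
        m = CONN_RE.match(line)
        if m and int(m["dport"]) == C2_PORT and m["host"] in resolved_on:
            hits.append((m["host"], "conn_to_c2_port_after_lookup"))
    return hits


if __name__ == "__main__":
    for host, reason in find_c2_hits(SAMPLE_LOGS):
        print(f"{host}: {reason}")
```

Run against a real feed, swap the two regexes for the field names of that feed; the correlation logic (name first, port second, per endpoint) stays the same.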
Targets
Target: 1176a95bb949f4aac0cbd6525e5dc4cd_JaffaCakes118
Size: 321KB
MD5: 1176a95bb949f4aac0cbd6525e5dc4cd
SHA1: 83dd79bdc36f7a98a7867ee3415425f2e6e90f95
SHA256: 25158742937c8d6e4cf2c6b6d14de895924beddc075c332a6d7b1ff48a6f2151
SHA512: dc53ce0f53925cad5d930611d262c26f876ee246596fbce3c7914262d9ff9f91c4f59b64f38d92c9b5347d701c6fc18df21ddf6b9a756e93d9dd6975e50f834e
SSDEEP: 6144:cFKoZTPsAbPN7tcWKRBl6ZslM/UNhPlajVeKlg0MoS3m6lPDm3vhJmyTI+uSoS:cFKisArR+WAB0yyUDNablg26hC3fJU+v

- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
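The behavioural signatures above are individually weak (plenty of installers drop and run an EXE or set a Run key); what makes them useful is their combination with the config values, namely a process named server.exe from an install directory that spawns and then writes into explorer.exe. The following is an added example, not the sandbox's own detection logic: it correlates a process-event stream into the same signature names. The event shape is an assumed simplification of a Sysmon/EDR feed, every event is constructed (PIDs and paths are illustrative), and the SetThreadContext signature is approximated by the handle rights a feed can see (a parent opening its own child with memory-write rights), since the SetThreadContext call itself is not visible in such logs.

```python
"""Correlating the behavioural signatures above over a process-event stream.
Added example, not the sandbox's detection logic; event shape is an assumed
simplification of a Sysmon/EDR feed and all events are constructed."""
import re

# Win32 process access rights (winnt.h) needed to write code into another process.
PROCESS_CREATE_THREAD = 0x0002
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
INJECT_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# From the Malware Config: the process the RAT targets for injection.
INJECTED_PROCESS = "explorer.exe"

# Constructed events (PIDs and paths are illustrative, not from the report).
EVENTS = [
    {"type": "process_create", "pid": 1001, "parent_pid": 500,
     "image": r"C:\Users\user\Desktop\1176a95bb949f4aac0cbd6525e5dc4cd_JaffaCakes118.exe"},
    {"type": "registry_query", "pid": 1001,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "pid": 1001,
     "path": r"C:\Users\user\AppData\Roaming\install\server.exe"},
    {"type": "process_create", "pid": 1002, "parent_pid": 1001,
     "image": r"C:\Users\user\AppData\Roaming\install\server.exe"},
    {"type": "process_create", "pid": 1003, "parent_pid": 1002,
     "image": r"C:\Windows\explorer.exe"},
    {"type": "process_access", "pid": 1002, "target_pid": 1003, "granted": 0x1FFFFF},
    {"type": "registry_set", "pid": 1003,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "server.exe",
     "data": r"C:\Users\user\AppData\Roaming\install\server.exe"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def correlate(events):
    """Return the signature names the stream supports, in the order they fire."""
    findings = []
    dropped = set()   # executables written during the run
    parent = {}       # pid -> parent pid
    image = {}        # pid -> image path
    for ev in events:
        t = ev["type"]
        if t == "file_create" and ev["path"].lower().endswith((".exe", ".dll")):
            dropped.add(ev["path"].lower())
        elif t == "process_create":
            parent[ev["pid"]] = ev["parent_pid"]
            image[ev["pid"]] = ev["image"]
            if ev["image"].lower() in dropped:
                findings.append("Executes dropped EXE")
        elif t == "image_load" and ev["image"].lower() in dropped:
            findings.append("Loads dropped DLL")
        elif t == "registry_query" and r"\control panel\international\geo" in ev["key"].lower():
            findings.append("Checks computer location settings")
        elif t == "registry_set" and re.search(r"\\currentversion\\run$", ev["key"], re.I):
            findings.append("Adds Run key to start application")
        elif t == "process_access":
            tgt = ev["target_pid"]
            # Hollowing pattern: a process opens a child it spawned itself with
            # memory-write rights. The feed shows the handle rights; SetThreadContext
            # on the child's main thread is the step the sandbox flagged.
            if (parent.get(tgt) == ev["pid"]
                    and ev["granted"] & INJECT_MASK == INJECT_MASK
                    and basename(image.get(tgt, "")) == INJECTED_PROCESS):
                findings.append("Suspicious use of SetThreadContext")
    return findings


if __name__ == "__main__":
    for name in correlate(EVENTS):
        print(name)
```

The constructed stream has no image_load event, so "Loads dropped DLL" does not fire here even though the rule is present; the other four signatures from the report do, and the injection rule fires only because explorer.exe was spawned by the same process that then opened it, which is the distinction that separates hollowing from a debugger or an AV engine attaching to an unrelated process.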