General
Target: 30103fd1b25125c497fed438a3190d70_JaffaCakes118
Size: 328KB
Sample: 241010-qlel5sxdma
MD5: 30103fd1b25125c497fed438a3190d70
SHA1: 7b76f492ed4e5dc192b3ba8ca456fb6b6285e479
SHA256: 29fae075cf59c67bb506c804179841a16034ed111e104579e991394eb7be2d4d
SHA512: 24b53189199673a6c9fc7d6ef612d2906f07a7fdbbbc55673150fcaf2246e345596df467e7e47f198318a9fe909c69f4e15a075e1480ecd099a000c0de1b2e0b
SSDEEP: 6144:kxbL2McLySej98Zkn2jy8P77IWkArG50AOCzWPdTZrmqD6nC:kxv2MxSknWyynIWkArGoCaq3C
Static task: static1
Behavioral task: behavioral1
Sample: 30103fd1b25125c497fed438a3190d70_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:81
***MUTEX***
enable_keylogger: true
enable_message_box: true
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
Targets
Target: 30103fd1b25125c497fed438a3190d70_JaffaCakes118
Size: 328KB
Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
Maps connected drives based on registry: disk information is often read in order to detect sandbox environments.
Suspicious use of SetThreadContext