General
- Target: 4d15239d937d2189ab2ee2a770ef6cba_JaffaCakes118
- Size: 281KB
- Sample: 241016-qqwq8avhmp
- MD5: 4d15239d937d2189ab2ee2a770ef6cba
- SHA1: eb15c342fdec2ae2b3e3ab0963bb689c9d4f16b2
- SHA256: af08e4a749fa3a6e0adaf5858e947309df7b68833531769c90131056153b67cf
- SHA512: 441c392637d41675c79c13c194442227e8aa6b7c64ac275fba90041266d57c49b1cf5849e93369e3f3cb71239d17f0366e1927ec810d542b17c6c44e351ccbd0
- SSDEEP: 6144:uy+phVTwlTLfkixFUQKf3D7TnBAZ5qhbxp:r+pP0lYixsfvDBAzK9p
Behavioral task
- behavioral1
  - Sample: 4d15239d937d2189ab2ee2a770ef6cba_JaffaCakes118.exe
  - Resource: win7-20240708-en
Malware Config
Extracted
- cybergate
- v1.11.0 - Public Version
- test
- fjeden.no-ip.biz:82
- 8C5KQOTH1PYVW6
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs
- ftp_interval: 30
- ftp_password: 120319899
- ftp_port: 21
- ftp_server: aufjeden1337.au.funpic.de
- ftp_username: aufjeden1337
- injected_process: explorer.exe
- install_dir: Winupdate
- install_file: svchost.exe
- install_flag: true
- keylogger_enable_ftp: true
- message_box_caption: Remote Administration anywhere in the world.
- message_box_title: CyberGate
- password: 12031989
- regkey_hkcu: HKCU
Targets
- Target: 4d15239d937d2189ab2ee2a770ef6cba_JaffaCakes118
  - Size: 281KB
  - MD5: 4d15239d937d2189ab2ee2a770ef6cba
  - SHA1: eb15c342fdec2ae2b3e3ab0963bb689c9d4f16b2
  - SHA256: af08e4a749fa3a6e0adaf5858e947309df7b68833531769c90131056153b67cf
  - SHA512: 441c392637d41675c79c13c194442227e8aa6b7c64ac275fba90041266d57c49b1cf5849e93369e3f3cb71239d17f0366e1927ec810d542b17c6c44e351ccbd0
  - SSDEEP: 6144:uy+phVTwlTLfkixFUQKf3D7TnBAZ5qhbxp:r+pP0lYixsfvDBAzK9p
  Signatures
  - Adds policy Run key to start application
  - Boot or Logon Autostart Execution: Active Setup
    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  - Checks computer location settings
    Looks up the country code configured in the registry, likely a geofence.
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (3)
    - Active Setup (1)
    - Registry Run Keys / Startup Folder (2)
- Privilege Escalation
  - Boot or Logon Autostart Execution (3)
    - Active Setup (1)
    - Registry Run Keys / Startup Folder (2)