General
-
Target
83b43fd523d7a8e1d2c7b27590c985c3_JaffaCakes118
-
Size
1.1MB
-
Sample
241031-1z3agavrfp
-
MD5
83b43fd523d7a8e1d2c7b27590c985c3
-
SHA1
ae15c1dbbb72bdc0a01ed707600eac38e9ebd9b2
-
SHA256
bbb56438623b9dfc8746d5227ece3ef8c4517330c731e11b2dddef08dacd268e
-
SHA512
2b3681c20771f2aa24ec97c2fdc5b84b63cba17e82b2488b1d83e70b565da6c8a59a954ad84dfbfa42f02b52a090489534d7f5f5c956ddceeaf9d4173dbc88b3
-
SSDEEP
24576:YKwQrsiK3Sr0ckHCb2yXPseg3oxy8RacZOkll:YKl83VckHcPsx4xynAOC
Static task
static1
Behavioral task
behavioral1
Sample
83b43fd523d7a8e1d2c7b27590c985c3_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
cybergate
2.6
Vitima
estudos.no-ip.org:2000
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Anti-Virus.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
tÃtulo da mensagem
-
password
123
-
regkey_hkcu
Anti-Virus
-
regkey_hklm
Anti-Virus
Targets
-
-
Target
83b43fd523d7a8e1d2c7b27590c985c3_JaffaCakes118
-
Size
1.1MB
-
MD5
83b43fd523d7a8e1d2c7b27590c985c3
-
SHA1
ae15c1dbbb72bdc0a01ed707600eac38e9ebd9b2
-
SHA256
bbb56438623b9dfc8746d5227ece3ef8c4517330c731e11b2dddef08dacd268e
-
SHA512
2b3681c20771f2aa24ec97c2fdc5b84b63cba17e82b2488b1d83e70b565da6c8a59a954ad84dfbfa42f02b52a090489534d7f5f5c956ddceeaf9d4173dbc88b3
-
SSDEEP
24576:YKwQrsiK3Sr0ckHCb2yXPseg3oxy8RacZOkll:YKl83VckHcPsx4xynAOC
-
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-