General
-
Target
JaffaCakes118_6019867eb20ee1ba74a00dbe87669950
-
Size
474KB
-
Sample
250101-xjebxsykat
-
MD5
6019867eb20ee1ba74a00dbe87669950
-
SHA1
46d48fd1b7867d0e469e7dd0f1ea45c155695aba
-
SHA256
48cc0194dfeaa64d979edd26143e45f2fa365141ef805bdc5d7969f56caffc34
-
SHA512
3e63bf818b72e738c119eab4d5a54326011b08f258b4214a84dc141292bb846f3fb9d7df308e63cf5369189828c2aa6f682466461ce1c20eb5ff9108dc528777
-
SSDEEP
12288:xne4FCLCYgLJp6gqTmwuBnalvhFgAcCPhPCBuDpP7:9D6yb6gqTmwuMLFgvOhPCB0h7
Behavioral task
behavioral1
Sample
Razer Hacker Injector/Razer Hacker Injector CA-BR.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Razer Hacker Injector/Razer Hacker Injector CA-BR.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Razer Hacker Injector/sccsf.js
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Razer Hacker Injector/sccsf.js
Resource
win10v2004-20241007-en
Malware Config
Extracted
cybergate
2.7 Beta 02
vítima
eusoualenda.no-ip.biz:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
system.exe
-
install_dir
install
-
install_file
svcc.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
123
-
regkey_hkcu
Win32
-
regkey_hklm
Win32
Targets
-
-
Target
Razer Hacker Injector/Razer Hacker Injector CA-BR.exe
-
Size
1.6MB
-
MD5
689170f650be7826ceb4afdcd9b39711
-
SHA1
4420348d6697e46fe61ac74f0c708d965366fbd9
-
SHA256
380cee2589fecc487d1c3d1b8a6c84ad8a747a1816fab041471de6dc2b03428b
-
SHA512
633317ee7d5a9db5d0fb9cd1e5f322f0a8f1225aa1955c1c24a857551eba6ab022c6f7132c970dab19f0d444dcddae69162bc370a47fa78f67a52bad4ee89dfa
-
SSDEEP
12288:CcD663W51TLUsWwgsxmnYGtctBSXYAEJwpCQKURf:Cv59UsWLsknYHB3+0QVRf
-
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
Razer Hacker Injector/sccsf.dll
-
Size
344KB
-
MD5
666ed0ceca943858e373aaa313e76e00
-
SHA1
f7c87f1f5aa48d688ae1099ae8d927fc2d8f2918
-
SHA256
72ccd5ce63784577d003dd10d6c8660a5a76e1f4536f0b3befe40a1975d44fd6
-
SHA512
77e9f7ba6785906405a7104b421154411b76fc8ecbf78b2e54c7f8c04889d324fc59fa155748c80f1e9d0df44e7c20b6292168c4a147840b11856b90ffdac32c
-
SSDEEP
6144:GCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbB:1
Score 3/10
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (2)