General
-
Target
JaffaCakes118_7a9555594835b0f68156178d569eb0a1
-
Size
281KB
-
Sample
250104-tjvgcsymel
-
MD5
7a9555594835b0f68156178d569eb0a1
-
SHA1
1a7457797a20669d39a6d95fb767dd4019121818
-
SHA256
e2dc963f116a20707c8baf42238a027d805c9a87d0c0538448fe18ae770d43e1
-
SHA512
a418517d00fc949f7b60544d46d57966ab1a8ca3d473130ce415ebf413c91910bf1d714d46698e1d9fe77d341cfa5f1a3b35791897ffcde1848e384bc0587a73
-
SSDEEP
6144:gScrLw24mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij5:xcoRy78QSVnNyhsFMCeSj5
Malware Config
Extracted
cybergate
v1.18.0 - Crack Version
remote
haha2424.zapto.org:43594
74F7756D5L3H78
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
12345
Targets
-
-
Target
JaffaCakes118_7a9555594835b0f68156178d569eb0a1
-
Size
281KB
-
MD5
7a9555594835b0f68156178d569eb0a1
-
SHA1
1a7457797a20669d39a6d95fb767dd4019121818
-
SHA256
e2dc963f116a20707c8baf42238a027d805c9a87d0c0538448fe18ae770d43e1
-
SHA512
a418517d00fc949f7b60544d46d57966ab1a8ca3d473130ce415ebf413c91910bf1d714d46698e1d9fe77d341cfa5f1a3b35791897ffcde1848e384bc0587a73
-
SSDEEP
6144:gScrLw24mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij5:xcoRy78QSVnNyhsFMCeSj5
Score8/10-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1