General
-
Target
JaffaCakes118_18481e117edf894504eec1b2be47b352
-
Size
403KB
-
Sample
250222-jsmg1atkt5
-
MD5
18481e117edf894504eec1b2be47b352
-
SHA1
ff6cc51577ff8f24b91539523c7d77fd18daeede
-
SHA256
2457e6149fb8fec81c6f40e0c575df1ca1a8bbbc6bc7fb02de427d652aa8dddc
-
SHA512
733aa74363b8085dc148e4073cc901e599f7df0cf7c2f22b8b5c35aabd3f6043c25d719c04b0aecd9cb5f86adec5ac77db9cf4f1daf3e526874a03c5fa1e664d
-
SSDEEP
6144:f4ABF94NpAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKxLMGcPJDgUTPkZ5RjHXm7:QU7GLE0kuGnESBqGgiUTMZjXq
Behavioral task
behavioral1
Sample
JaffaCakes118_18481e117edf894504eec1b2be47b352.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_18481e117edf894504eec1b2be47b352.exe
Resource
win10v2004-20250217-en
Malware Config
Extracted
cybergate
v1.04.8
remote
amjadd.no-ip.biz:676
GLATG02612PVJM
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
Target
JaffaCakes118_18481e117edf894504eec1b2be47b352
-
Score
3/10