General
-
Target
JaffaCakes118_d7b7fcb7c0a1d8db931107997a7bece5
-
Size
696KB
-
Sample
250424-wkdlcavjy4
-
MD5
d7b7fcb7c0a1d8db931107997a7bece5
-
SHA1
b0e15f7a038c1b94ad181504235b40f9a86cc5f5
-
SHA256
8f0f62163f8566242e53130273dc63cfc71dc45321b7a9001b26318c65a8c4cc
-
SHA512
855c44c5cc77211db234bdddd08741e1a66f959b91d7f497403105ad325705dc18cc90f072f1bfebb664a94580566fe87df68faa18f21e82c34dd2c14507179d
-
SSDEEP
12288:t96HWMNrb7X9ip1O+PUGhvKVKVkouf2rGsPYishp1Pw/426jeCuuH7lXij5hC+oj:y2YHJ+2YWKq6Yog2ti7lSjDog
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_d7b7fcb7c0a1d8db931107997a7bece5.exe
Resource
win10v2004-20250410-en
Malware Config
Extracted
cybergate
v1.07.5
G2101
tranoglaros13.zapto.org:39440
192.168.0.10:100
632JQN3UD5B417
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Windows .NET
-
install_file
svchost.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
keygen.exe ist keine zulässige Win32-Anwendung (German: "keygen.exe is not a valid Win32 application")
-
message_box_title
Windows
-
password
27042704
-
regkey_hkcu
Windows .NET
-
regkey_hklm
Windows .NET
Extracted
latentbot
tranoglaros13.zapto.org
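The extracted configuration above carries the fields a defender actually needs: the C2 endpoints, the process the payload is injected into (explorer.exe, which fits the SetThreadContext signature further down), the install path fragment and the Run-key value name. The following is an added example, not part of the sandbox report or of any triage tooling: it parses a constructed copy of those config fields in the report's own key/value layout, derives indicators and runs them over a few constructed Sysmon-style event lines. It assumes that regkey_hkcu/regkey_hklm are value names under the standard Run keys (the report does not name the key), and that the parent directory of the install path is unknown, so files are matched on the full "<install_dir>\<install_file>" suffix; that suffix is what keeps the dropped svchost.exe distinct from the genuine C:\Windows\System32\svchost.exe. The second endpoint, 192.168.0.10:100, is a private RFC 1918 address (most likely the operator's LAN test box) and is kept only so a lab replay also fires.

```python
"""Derive IoCs from a CyberGate-style config block and match Sysmon-like events.

Added example; the config text and event lines below are constructed copies,
not output of the sandbox.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed copy of the relevant config fields, in the report's own layout:
# one key line, one value line, "-" separators.
CONFIG_TEXT = """\
injected_process
explorer.exe
-
install_dir
Windows .NET
-
install_file
svchost.exe
-
regkey_hkcu
Windows .NET
-
regkey_hklm
Windows .NET
"""

# C2 endpoints as listed in the report (host:port).
C2_ENDPOINTS = ["tranoglaros13.zapto.org:39440", "192.168.0.10:100"]

# Assumption: regkey_* values are value names under the usual Run keys.
RUN_KEY_HINT = r"\\Windows\\CurrentVersion\\Run\\"

# Constructed Sysmon-style events (ID 3 = network, 11 = file create, 13 = reg set).
SAMPLE_EVENTS = [
    r"EventID=3 Image=C:\Windows\explorer.exe DestinationHostname=tranoglaros13.zapto.org DestinationIp=203.0.113.5 DestinationPort=39440",
    r"EventID=13 Image=C:\Users\u\AppData\Roaming\Windows .NET\svchost.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Windows .NET Details=C:\Users\u\AppData\Roaming\Windows .NET\svchost.exe",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationHostname=example.org DestinationIp=93.184.216.34 DestinationPort=443",
    r"EventID=11 Image=C:\Windows\System32\svchost.exe TargetFilename=C:\Windows\Temp\x.tmp",
    r"EventID=3 Image=C:\Windows\Temp\a.exe DestinationIp=192.168.0.10 DestinationPort=100",
]


def parse_config(text: str) -> Dict[str, str]:
    """Pair consecutive non-separator lines as key/value."""
    lines = [l.strip() for l in text.splitlines() if l.strip() and l.strip() != "-"]
    if len(lines) % 2:
        raise ValueError("odd number of config lines; a key has no value")
    return {lines[i]: lines[i + 1] for i in range(0, len(lines), 2)}


def build_iocs(cfg: Dict[str, str], endpoints: List[str]) -> dict:
    """Turn config fields into lower-cased, directly comparable indicators."""
    net: Set[Tuple[str, int]] = set()
    for ep in endpoints:
        host, _, port = ep.rpartition(":")
        net.add((host.lower(), int(port)))
    return {
        "network": net,
        # Match dir + file together so the real System32\svchost.exe is excluded.
        "file_suffix": (cfg["install_dir"] + "\\" + cfg["install_file"]).lower(),
        "run_value": {cfg["regkey_hkcu"].lower(), cfg["regkey_hklm"].lower()},
        "injected": cfg["injected_process"].lower(),
    }


# key=value pairs whose values may contain spaces ("Windows .NET").
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    return dict(_KV.findall(line))


def match_events(lines: List[str], iocs: dict) -> List[Tuple[int, str, str]]:
    """Return (event index, severity, tag) for every indicator hit."""
    hits = []
    for n, line in enumerate(lines):
        ev = parse_event(line)
        eid = ev.get("EventID")
        image = ev.get("Image", "").lower()
        if eid == "3":
            ip = ev.get("DestinationIp", "").lower()
            host = ev.get("DestinationHostname", ip).lower()
            port = int(ev.get("DestinationPort", 0))
            if (host, port) in iocs["network"] or (ip, port) in iocs["network"]:
                # A connection from the injection target is the stronger signal:
                # explorer.exe has no business talking to a dynamic-DNS host.
                sev = "high" if image.endswith("\\" + iocs["injected"]) else "medium"
                hits.append((n, sev, "c2-connect"))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            value = target.rsplit("\\", 1)[-1].lower()
            if re.search(RUN_KEY_HINT, target, re.I) and value in iocs["run_value"]:
                hits.append((n, "high", "run-key-persistence"))
        if image.endswith(iocs["file_suffix"]):
            hits.append((n, "medium", "installed-binary-active"))
    return hits


if __name__ == "__main__":
    for hit in match_events(SAMPLE_EVENTS, build_iocs(parse_config(CONFIG_TEXT), C2_ENDPOINTS)):
        print(hit)
```

The benign firefox and System32\svchost.exe lines produce no hit; the explorer.exe connection to the zapto.org host on 39440 is rated high because it combines the C2 endpoint with the configured injection target, while the same endpoint from an arbitrary binary is only medium.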
Targets
-
Target
JaffaCakes118_d7b7fcb7c0a1d8db931107997a7bece5
-
Size
696KB
-
MD5
d7b7fcb7c0a1d8db931107997a7bece5
-
SHA1
b0e15f7a038c1b94ad181504235b40f9a86cc5f5
-
SHA256
8f0f62163f8566242e53130273dc63cfc71dc45321b7a9001b26318c65a8c4cc
-
SHA512
855c44c5cc77211db234bdddd08741e1a66f959b91d7f497403105ad325705dc18cc90f072f1bfebb664a94580566fe87df68faa18f21e82c34dd2c14507179d
-
SSDEEP
12288:t96HWMNrb7X9ip1O+PUGhvKVKVkouf2rGsPYishp1Pw/426jeCuuH7lXij5hC+oj:y2YHJ+2YWKq6Yog2ti7lSjDog
-
Cybergate family
-
Latentbot family
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Drops startup file
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-