Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
24-06-2024 07:26
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
072e83174cd7f2124bab34f5ea4ed995_JaffaCakes118.exe
Resource
win7-20240220-en
windows7-x64
1 signatures
150 seconds
General
-
Target
072e83174cd7f2124bab34f5ea4ed995_JaffaCakes118.exe
-
Size
277KB
-
MD5
072e83174cd7f2124bab34f5ea4ed995
-
SHA1
01936fc7ece2ff9ad6a85096458a6a0e4cf79fe1
-
SHA256
0de390f981d88d0b20e8c34d0ec5398e526458c65f2e6a62d4614f613062763b
-
SHA512
5c233ea3eb01287ef732c58d1046bc7d7297bad929447fca96ed50dc05ec2abcb47a7bacfb559737693934145ec3ddae749d101689bbc2adc819a02c731458f5
-
SSDEEP
6144:RP/8HqObc3dZ9Whv7+OYWgBnEexRYUqD15MIjMGHsiQ/gVGZPphw:RXIq93djk6OYWgBLRTQ1vjhQ/FP7w
Malware Config
Extracted
Family
cybergate
Version
2.6
Botnet
vítima
C2
bolinha130.no-ip.org:11223
Mutex
***MUTEX***
Attributes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Windows Update
-
install_file
explorer.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Arquivo danificado
-
message_box_title
ERROR
-
password
123
-
regkey_hkcu
win32
-
regkey_hklm
win32