General
-
Target
07f912c15a18c6d82a68f42a00b5023b_JaffaCakes118
-
Size
316KB
-
Sample
240624-mjkhts1dkn
-
MD5
07f912c15a18c6d82a68f42a00b5023b
-
SHA1
853f67bc085ca54281a5bfa840493bdc650548b5
-
SHA256
5a7890ad2d6f9ddc00c9e9dda0a3cb3170330ffe911e75ac3cdf62913ef82cca
-
SHA512
e026d058de8265ebe327591cceed64e6096fdb5359f7fba6ced60eb83edc5aaa52f872a477c65ecbc5a7b0d0410f1010488ff196420730c041a59485c4eda0ea
-
SSDEEP
6144:v+G1qg5B+8q5zT0YSCuWOTWdD+gzDwbs7X9KjJLL0IeV6y:v5qIBdqbtjaUwbsrIJf0Iesy
Static task
static1
Behavioral task
behavioral1
Sample
07f912c15a18c6d82a68f42a00b5023b_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
cybergate
2.6
vítima
aw.no-ip.biz:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
System32
-
install_file
cftmon.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Aygýt yüklemesi sýrasýnda bir sorun olustu. Lütfen daha sonra tekrar deneyin
-
message_box_title
Uyarý
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
07f912c15a18c6d82a68f42a00b5023b_JaffaCakes118
-
Size
316KB
-
MD5
07f912c15a18c6d82a68f42a00b5023b
-
SHA1
853f67bc085ca54281a5bfa840493bdc650548b5
-
SHA256
5a7890ad2d6f9ddc00c9e9dda0a3cb3170330ffe911e75ac3cdf62913ef82cca
-
SHA512
e026d058de8265ebe327591cceed64e6096fdb5359f7fba6ced60eb83edc5aaa52f872a477c65ecbc5a7b0d0410f1010488ff196420730c041a59485c4eda0ea
-
SSDEEP
6144:v+G1qg5B+8q5zT0YSCuWOTWdD+gzDwbs7X9KjJLL0IeV6y:v5qIBdqbtjaUwbsrIJf0Iesy
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-