General
-
Target
13cb410fc1864eedb27891329e8cf1b4_JaffaCakes118
-
Size
1.1MB
-
Sample
240626-2ygg2syfkb
-
MD5
13cb410fc1864eedb27891329e8cf1b4
-
SHA1
569690ff10720a1629d9d5dfeedbbde4f1b0234f
-
SHA256
eea4b5c6d62954d28de56208fc59eae58741e74b00db4b9f76fbdf3886f74c3f
-
SHA512
a8dc4571b3c77cd362861a11b41b53fb822d7404b3be70fdf4f2c7aeae6cd87387483f5116c8d5c1fed346d05602cbe66a454d6a80e1fa31f04b244ec0133e84
-
SSDEEP
3072:suwxahDs0DxxhiqMpjrWnLDreQMapB8xf60AkKzs4/wDOVaqS5EaEDEabDWeGzJC:sgx
Static task
static1
Behavioral task
behavioral1
Sample
13cb410fc1864eedb27891329e8cf1b4_JaffaCakes118.exe
Resource
win7-20240221-en
Malware Config
Extracted
cybergate
2.6
vítima
parrain.zapto.org:81
45646
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
serr.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
This Photo Can't Appear in Your Computer
-
message_box_title
Error
-
password
0
-
regkey_hklm
HKLM
Targets
-
-
Target
13cb410fc1864eedb27891329e8cf1b4_JaffaCakes118
-
Size
1.1MB
-
MD5
13cb410fc1864eedb27891329e8cf1b4
-
SHA1
569690ff10720a1629d9d5dfeedbbde4f1b0234f
-
SHA256
eea4b5c6d62954d28de56208fc59eae58741e74b00db4b9f76fbdf3886f74c3f
-
SHA512
a8dc4571b3c77cd362861a11b41b53fb822d7404b3be70fdf4f2c7aeae6cd87387483f5116c8d5c1fed346d05602cbe66a454d6a80e1fa31f04b244ec0133e84
-
SSDEEP
3072:suwxahDs0DxxhiqMpjrWnLDreQMapB8xf60AkKzs4/wDOVaqS5EaEDEabDWeGzJC:sgx
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-