General
Target: 127663a56ef558aa02b3faf92af6a4b0_JaffaCakes118
Size: 820KB
Sample: 240626-steyzstbnr
MD5: 127663a56ef558aa02b3faf92af6a4b0
SHA1: 18052cbda17f00238063f85a164fc969984908f3
SHA256: af3fff6ee8a77d81a0ca7d9e377da82f7c31ce76391e1f0b181df2f5aceaa634
SHA512: cc28f4be5bb5e71537f3b7c9d656575c9787cb34276cadc1faa8e871c1d96f60bb66889f2b06c5ce545910c55d051899b266ae16bf64d31f44923c727fd6a4b0
SSDEEP: 12288:dFX4TXiHQ+MvHgZ5m4Niz/qV1xl8FfY+mY27d07L0FtOiG3BNQ97XWfCm3V7tVF2:H8XL+dRfTu7SXP81fqcU
Static task: static1
Behavioral task: behavioral1
  Sample: 127663a56ef558aa02b3faf92af6a4b0_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 127663a56ef558aa02b3faf92af6a4b0_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted
cybergate
v1.07.5
cyber
miauw.no-ip.biz:82
11T463SI2JI1M4
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: 123456
Targets
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext