General
Target: 1845c9bad9e2110c504109b82879fef6_JaffaCakes118
Size: 461KB
Sample: 240628-brpa7swbqn
MD5: 1845c9bad9e2110c504109b82879fef6
SHA1: 1ff6cb1e2326c43a058f5eb9481eb76f3b272284
SHA256: 0c340455a596fa83ed2a959102ffe1c7824cd3d68ea0596c5fd3a505e898eea1
SHA512: 4db97108f16331b8c58f792d0f8a0e4f7806ea75839c1e169d850a728f5f09177547b0c50d2fe7f1eb399856ba9316631d6498df33934f92f60005797763e5d5
SSDEEP: 12288:kgmqYDRrFlnM9Hxp2wxxih9RtUSiMKTWTz10pYxQXAf4s/:kg8BlnaCwSJLKTazGyQXG4o
Static task: static1
Behavioral task: behavioral1
Sample: 1845c9bad9e2110c504109b82879fef6_JaffaCakes118.exe
Resource: win7-20240508-en
Malware Config
Extracted: cybergate 2.6
Server: asmida.zapto.org:81, asmida2.zapto.org:81
***MUTEX***
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: Browser
install_file: Browser.exe
install_flag: true
keylogger_enable_ftp: false
message_box_caption: texto da mensagem
message_box_title: título da mensagem
password: abcd1234
regkey_hkcu: HKCU
Targets
Target: 1845c9bad9e2110c504109b82879fef6_JaffaCakes118
- Adds policy Run key to start application
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext