General
Target: 19c869c159bef75bd6462f24a39dc992_JaffaCakes118
Size: 609 KB
Sample: 240628-mgkqtaxbrk
MD5: 19c869c159bef75bd6462f24a39dc992
SHA1: d7d6923e161fc136cfc187a9e2505c5ed930ca66
SHA256: 79856ccc4982e7a8728e8098715c2520f31415f0a187f3cc47809a63027d865f
SHA512: 4e1b79dd75fb9b8feb1d4ebffe2e4515fd579b1bee4345b242ce1b12168675d92b4f71deb34a10bd03af031f301012a8f4246c45b771cdc537650aeb7b59d26f
SSDEEP: 12288:KevQgSVWa2ugDkz+6/VPMPTW2bF/i54GTe+2MOeT4F:KeYgSMa/gY0Pau/i5yVNe
Static task: static1
Behavioral task: behavioral1
  Sample: 19c869c159bef75bd6462f24a39dc992_JaffaCakes118.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 19c869c159bef75bd6462f24a39dc992_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
Family: cybergate
Version: 2.6
Botnet: 2You2MeDefrag
C2:
  bitcomet.hopto.org:8081
  bjcenter.hopto.org:8081
  127.0.0.1:81
  bjcenter.hopto.org:81
  bitcomet.hopto.org:81
Mutex: **1AntMaI4**
Attributes:
  enable_keylogger: true
  enable_message_box: false
  ftp_directory: ./logs/
  ftp_interval: 30
  injected_process: explorer.exe
  install_dir: Microsoft\HDDTools\
  install_file: Defragment.exe
  install_flag: false
  keylogger_enable_ftp: false
  message_box_caption: texto da mensagem
  message_box_title: título da mensagem
  password: ilovespynet@123
  regkey_hkcu: Defragmenter Service
  regkey_hklm: Defragment Tool
Targets
Target: 19c869c159bef75bd6462f24a39dc992_JaffaCakes118
Score: 10/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext