General
-
Target
1cb5d43615af31015a0a775bb3dd82f7_JaffaCakes118
-
Size
1.2MB
-
Sample
240701-18wjaatblc
-
MD5
1cb5d43615af31015a0a775bb3dd82f7
-
SHA1
c9e5949e239d8040e5d01b56bbbfaf83c8923aa9
-
SHA256
6710afb49295a4ac5c0d33e7d75f5efb351dcc1bec212571a278dfb5fa19352c
-
SHA512
cfbe19da74e8b3b2f8eea37b265aa928c6ab3377af53bd0bb97c8bc423e56ac5062f84688363933f77fc8dac7075c8ad50a3939e2f9ccedbfaa173bb4f116cff
-
SSDEEP
12288:8YFmQXJGw4hFmLY2gvmIqyaz9fFxpA2n+/j48qA1Q4fz3QL1yBngz1zEuZEQc2x3:5Ggdyah9Lgcu3xCO1TpODT
Static task
static1
Behavioral task
behavioral1
Sample
1cb5d43615af31015a0a775bb3dd82f7_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
cybergate
2.6
vítima
127.0.0.1:2000
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Windows
-
install_file
Windows.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
1cb5d43615af31015a0a775bb3dd82f7_JaffaCakes118
-
Size
1.2MB
-
MD5
1cb5d43615af31015a0a775bb3dd82f7
-
SHA1
c9e5949e239d8040e5d01b56bbbfaf83c8923aa9
-
SHA256
6710afb49295a4ac5c0d33e7d75f5efb351dcc1bec212571a278dfb5fa19352c
-
SHA512
cfbe19da74e8b3b2f8eea37b265aa928c6ab3377af53bd0bb97c8bc423e56ac5062f84688363933f77fc8dac7075c8ad50a3939e2f9ccedbfaa173bb4f116cff
-
SSDEEP
12288:8YFmQXJGw4hFmLY2gvmIqyaz9fFxpA2n+/j48qA1Q4fz3QL1yBngz1zEuZEQc2x3:5Ggdyah9Lgcu3xCO1TpODT
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-