General
-
Target
1acf54ec60f5d396a538fb0fc2c6adc0_JaffaCakes118
-
Size
466KB
-
Sample
240701-lplseaxfpl
-
MD5
1acf54ec60f5d396a538fb0fc2c6adc0
-
SHA1
00d2f9c81d194ac3906d0389cd9d57270c382fbd
-
SHA256
04ac239c341555c6688bc7af1ad53b41851e57750bee18461c644a8c685913f6
-
SHA512
f42834bc7d5092745e0a987ad82c69022a8dfe067483d9a9dc382cdb54d1acd6bb8abf8ace4d81bf547d7bfaa11879af70ccc0b4b0c4fa3c5534914c7b81ebd7
-
SSDEEP
12288:sYRYC1675NpOIKQbSiCT8/1NJ4d95HBVgk5:oCMFWiWiCT/BVgk5
Static task
static1
Behavioral task
behavioral1
Sample
1acf54ec60f5d396a538fb0fc2c6adc0_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
1acf54ec60f5d396a538fb0fc2c6adc0_JaffaCakes118.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
cybergate
2.6
ifectedcami
69cami69.no-ip.biz:2000
esoes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Win32
-
install_file
notepad.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
Target
1acf54ec60f5d396a538fb0fc2c6adc0_JaffaCakes118
-
Size
466KB
-
MD5
1acf54ec60f5d396a538fb0fc2c6adc0
-
SHA1
00d2f9c81d194ac3906d0389cd9d57270c382fbd
-
SHA256
04ac239c341555c6688bc7af1ad53b41851e57750bee18461c644a8c685913f6
-
SHA512
f42834bc7d5092745e0a987ad82c69022a8dfe067483d9a9dc382cdb54d1acd6bb8abf8ace4d81bf547d7bfaa11879af70ccc0b4b0c4fa3c5534914c7b81ebd7
-
SSDEEP
12288:sYRYC1675NpOIKQbSiCT8/1NJ4d95HBVgk5:oCMFWiWiCT/BVgk5
Score
10/10
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-