General
-
Target
1b69387a295df5aea1c2c4384341b10f_JaffaCakes118
-
Size
301KB
-
Sample
240701-qbzjkawgpq
-
MD5
1b69387a295df5aea1c2c4384341b10f
-
SHA1
bef8820c335612a9359b2238212ff9ab39d18479
-
SHA256
f2d364284ad982f2c892d55b78160c3a04c3807be0c15ae29dc59b1a0797704f
-
SHA512
545f446c9363649dd3884f6d69ff1e2f83442597a1391bc2c80048829b96a4f4e6c23db38480c5b3dada5b1d6696724bda71f575b6cb769b68c5fd7749d91078
-
SSDEEP
6144:MmcD66RRjC5JGmrpQsK3RD2u270jupCJsCxCS:9cD663bZ2zkPaCxR
Behavioral task
behavioral1
Sample
1b69387a295df5aea1c2c4384341b10f_JaffaCakes118.exe
Resource
win7-20240220-en
Malware Config
Extracted
cybergate
2.6
Swat Team
jesica1.no-ip.biz:82
jesica.no-ip.biz:82
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
sytsem 32
-
install_file
mictosoft.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
lololol
-
message_box_title
lolol
-
password
123456
-
regkey_hkcu
java
-
regkey_hklm
java
Targets
-
-
Target
1b69387a295df5aea1c2c4384341b10f_JaffaCakes118
-
Size
301KB
-
MD5
1b69387a295df5aea1c2c4384341b10f
-
SHA1
bef8820c335612a9359b2238212ff9ab39d18479
-
SHA256
f2d364284ad982f2c892d55b78160c3a04c3807be0c15ae29dc59b1a0797704f
-
SHA512
545f446c9363649dd3884f6d69ff1e2f83442597a1391bc2c80048829b96a4f4e6c23db38480c5b3dada5b1d6696724bda71f575b6cb769b68c5fd7749d91078
-
SSDEEP
6144:MmcD66RRjC5JGmrpQsK3RD2u270jupCJsCxCS:9cD663bZ2zkPaCxR
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-