General
- Target: 1bc1e95a6d3b65d10e868410438cd675_JaffaCakes118
- Size: 379KB
- Sample: 240701-vbypgssgkj
- MD5: 1bc1e95a6d3b65d10e868410438cd675
- SHA1: 48aa24a88111ed1dcaf950c4a737bc40d3ab86f1
- SHA256: 12ce6a0d245623b59a275c713f72288f978fbc4c40aa03f27cef757a41fce804
- SHA512: e72b1d29e83d282320b2c5ce3a9058f6045d05f6d1d24194c59c680f986d731312e8f37f82bd96676b09fb84bbfa7779634315d7afc60d2089953d04a94931ce
- SSDEEP: 6144:dftY0BkMccO3Ct9Ic+A8GRupRqXlF1y5WOeUglHgN4nhGQ2b/frSYUJ4DNb1hTrQ:dyLwepA8om8eiUbN4MQY+XJ4DNXTs
Static task: static1
Behavioral task: behavioral1
- Sample: 1bc1e95a6d3b65d10e868410438cd675_JaffaCakes118.exe
- Resource: win7-20240220-en
Malware Config
Extracted: cybergate v1.07.5
- remote: rkt.no-ip.org:27015
  73L2580T2MD4NK
- enable_keylogger: true
- enable_message_box: true
- ftp_directory: ./public_html/logs/
- ftp_interval: 25
- ftp_password: 000webhost
- ftp_port: 21
- ftp_server: user-host.comeze.com
- ftp_username: a5084564
- injected_process: windows.exe
- install_dir: sys32
- install_file: win32.exe
- install_flag: true
- keylogger_enable_ftp: true
- message_box_caption: Program not avalaible!
- message_box_title: Error
- password: cybergate
- regkey_hkcu: HKCU
- regkey_hklm: HKLM
Targets
- Target: 1bc1e95a6d3b65d10e868410438cd675_JaffaCakes118
- Size: 379KB
- MD5: 1bc1e95a6d3b65d10e868410438cd675
- SHA1: 48aa24a88111ed1dcaf950c4a737bc40d3ab86f1
- SHA256: 12ce6a0d245623b59a275c713f72288f978fbc4c40aa03f27cef757a41fce804
- SHA512: e72b1d29e83d282320b2c5ce3a9058f6045d05f6d1d24194c59c680f986d731312e8f37f82bd96676b09fb84bbfa7779634315d7afc60d2089953d04a94931ce
- SSDEEP: 6144:dftY0BkMccO3Ct9Ic+A8GRupRqXlF1y5WOeUglHgN4nhGQ2b/frSYUJ4DNb1hTrQ:dyLwepA8om8eiUbN4MQY+XJ4DNXTs

Signatures
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application