General
-
Target
25c3eceda2155158baccac47b6d7688f_JaffaCakes118
-
Size
260KB
-
Sample
240704-wybnxasbmp
-
MD5
25c3eceda2155158baccac47b6d7688f
-
SHA1
3e07422520fff406ade6d0e1fc5c98a9e9e78060
-
SHA256
df8b8ba413310cee7f860db4661299e5e2dfe40e3cc1d37c5bad1b3f7387f264
-
SHA512
c657c50c0c02c0dc2295bec3b14bb129346c0af0759c8d49b1278d123ce5afe5dbe4ee9201c0c4620d5cbcacd291949577222a1368e5917e0ebf2ec369c44c7e
-
SSDEEP
6144:U6I4TLX+QfuxWJD328OyIGim6fdtz4BEkvE0Ljz7K9JxR:VIWOIuyOTHWTvz297R
Static task
static1
Behavioral task
behavioral1
Sample
25c3eceda2155158baccac47b6d7688f_JaffaCakes118.exe
Resource
win7-20240611-en
Malware Config
Extracted
cybergate
2.6
vítima
fkky.3322.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
25c3eceda2155158baccac47b6d7688f_JaffaCakes118
-
Size
260KB
-
MD5
25c3eceda2155158baccac47b6d7688f
-
SHA1
3e07422520fff406ade6d0e1fc5c98a9e9e78060
-
SHA256
df8b8ba413310cee7f860db4661299e5e2dfe40e3cc1d37c5bad1b3f7387f264
-
SHA512
c657c50c0c02c0dc2295bec3b14bb129346c0af0759c8d49b1278d123ce5afe5dbe4ee9201c0c4620d5cbcacd291949577222a1368e5917e0ebf2ec369c44c7e
-
SSDEEP
6144:U6I4TLX+QfuxWJD328OyIGim6fdtz4BEkvE0Ljz7K9JxR:VIWOIuyOTHWTvz297R
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-