General
- Target: e7e6e31dc345a529cb96cbd8637e926c_JaffaCakes118
- Size: 296KB
- Sample: 240408-ty1a6ahb51
- MD5: e7e6e31dc345a529cb96cbd8637e926c
- SHA1: 1d0d9871167abf51890542f168af8e6beea95b62
- SHA256: e6ec367535247adb71735febaf6af9f1fa85fd0f37bb92b367d048b34a3dede1
- SHA512: 5b7c5df535fa5d0c568afe82e2b88d002156a3c70474a667ac57210ea29235d3377af676d934633d3ee53b743107cc965d61a2372dc963487f20896be3e04dd7
- SSDEEP: 6144:3OpslFlqShdBCkWYxuukP1pjSKSNVkq/MVJb6:3wslJTBd47GLRMTb6
Malware Config
Extracted
Family: cybergate
Version: v1.07.5
Botnet: Cyber
C2: abbreviate.no-ip.biz:100
Mutex: 6AR37K3B60D812
Attributes
- enable_keylogger: true
- enable_message_box: false
- ftp_directory: ./logs/
- ftp_interval: 30
- injected_process: explorer.exe
- install_dir: WinDir
- install_file: Svchost.exe
- install_flag: true
- keylogger_enable_ftp: false
- message_box_caption: Remote Administration anywhere in the world.
- message_box_title: CyberGate
- password: 123456
- regkey_hkcu: HKCU
- regkey_hklm: HKLM