General

  • Target: 051d0d62cb8cabe2c376122281a4caa0_JaffaCakes118
  • Size: 650KB
  • MD5: 051d0d62cb8cabe2c376122281a4caa0
  • SHA1: 5fd10e2c6e034fc7e43adff5162dc3e389de914d
  • SHA256: 3ea1a5fad73a3dad2063f84ee13ed9bb48d1992bff3865caf331b156432ec1cd
  • SHA512: df98c90bfc52933c98ad9003fd6fd0c7efd657eeb192a97901a0ee761c28084dfe2cbc3951b0fc33519df8cabd3272d93005227090817820ca293d2928b90b6a
  • SSDEEP: 12288:3cD66IQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQR:3rLtwCc26uGi2VCHXSBzTaDMsAQR

Score: 10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: 2.7 Final
  • Botnet: bought
  • C2: nzz.no-ip.info:21, nzz.no-ip.info:81, nzz.no-ip.info:82
  • Mutex: LKB39GBOIRBGOIWEK

Attributes

  • enable_keylogger: true
  • enable_message_box: true
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: default.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: An attempt was made to load a program with an incorrect format. Make sure you are using this on the correct Windows OS that was mentioned.
  • message_box_title: ERROR_BAD_FORMAT [11 (0xB)]
  • password: cr4zytown
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • 051d0d62cb8cabe2c376122281a4caa0_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
