General

  • Target

    0c3d28a6c79603b79f9eb0eed4497336_JaffaCakes118

  • Size

    290KB

  • MD5

    0c3d28a6c79603b79f9eb0eed4497336

  • SHA1

    0ab43d49f8dccf46478f12e400866fe01b1fcfd1

  • SHA256

    a2fa30f1a63ac49c3182f80733dd17772fd867449cd91329716f7653fe7a4eee

  • SHA512

    1b4823671e77953a3b0011abcceee0a215ccfa159cf39505d8ea6cc4d52659b365ca22a1e0c5f5a7d7f5a654b0baa37ca92a2ec2eeabbcbecc3c34146a04d756

  • SSDEEP

    6144:QWcD6ahhjr5JGmrpQsK3RD2uG70juZCJsCxCk:JcD6a3qZ2jkfaCxJ

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

wael1.no-ip.biz:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    5

  • ftp_password

    wael

  • ftp_port

    21

  • ftp_server

    ftp.server.com

  • ftp_username

    ftp_user

  • injected_process

    svchost.exe

  • install_dir

    windows.

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    wael

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 0c3d28a6c79603b79f9eb0eed4497336_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
