General

  • Target

    1562ea6ccbc11556a2fbc40aeaf1897d_JaffaCakes118

  • Size

    296KB

  • MD5

    1562ea6ccbc11556a2fbc40aeaf1897d

  • SHA1

    d3e9413c1ede49d83be13b118c861cbe41b3e6c2

  • SHA256

    a0a68998aa0bfaf84e34c7ff5c339a82126887895a38f1d91bf07a9069cefceb

  • SHA512

    44572ee9589c46f1fe2d009f77b5b199343e506257613ccf8de524fc57e590ec04d102a760aade26bfb23fb4a16f81c242ae98e34ae28382aaa51568d10725aa

  • SSDEEP

    6144:POpslFlqLhdBCkWYxuukP1pjSKSNVkq/MVJbR:PwslgTBd47GLRMTbR

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

etis.no-ip.biz:100

Mutex

5J67372O7SI8C2

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    WinDir

  • install_file

    rafaella.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    The file you are searching for has been deleted.

  • message_box_title

    Error

  • password

    etis

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1562ea6ccbc11556a2fbc40aeaf1897d_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
