General

  • Target

    228ff578421a90d61ff535a25bd4b693_JaffaCakes118

  • Size

    289KB

  • MD5

    228ff578421a90d61ff535a25bd4b693

  • SHA1

    a6abbbee693b7f99d5d2078933caaac3598cd737

  • SHA256

    eec70276c9833cdd6c37eac5829317254a1faa5306ed229a77de7df75bfb9385

  • SHA512

    f6b40ae991cc8f75e045481dc5ed9a9bb27fd69302e6eff56a76e4918155bb6e47fa26949eb741537c1f070ee9649c78e6bd6299da9e4bfbc114ecae6fb411dc

  • SSDEEP

    6144:mOpslFlq9hdBCkWYxuukP1pjSKSNVkq/MVJbU:mwslwTBd47GLRMTbU

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Hacker123

C2

arzarithomas.no-ip.org:81

Mutex

8M34RGUAXF56FK

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Windir

  • install_file

    server123.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    It's good.

  • message_box_title

    Good

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 228ff578421a90d61ff535a25bd4b693_JaffaCakes118
    Tags: .exe, windows:4, windows, x86, arch:x86
