General

  • Target

    2362bccf048a0850f1d65b484d8577c8_JaffaCakes118

  • Size

    305KB

  • Sample

    240703-xetwtavang

  • MD5

    2362bccf048a0850f1d65b484d8577c8

  • SHA1

    c4c10047b750a55dd1d87a175de2dfb77ac19715

  • SHA256

    626d473ec5ad5e5a288bbcda158f6b667d4f9dceecf4dfed9880fb24878a92d4

  • SHA512

    868ee442a471972146514fb91389a1ab0e54819a5535538a3fbd2969793d2c558076714c4af3dea6957c201c82db283860fc9729e3a55d7a6c40015b75c3a120

  • SSDEEP

    6144:XOpslFlqVhdBCkWYxuukP1pjSKSNVkq/MVJb:XwslOTBd47GLRMTb

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

victimas

C2

bombilla.zapto.org:4662

denis77.zapto.org:4662

Mutex

5K23C8M2203M4U

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Windows

  • install_file

    Windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    1234

  • regkey_hkcu

    services

  • regkey_hklm

    services
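
The extracted config above is only useful once it is turned into checks. Below is an added example (not code from the sandbox or from CyberGate itself) that derives host and network indicators from the config and runs them over a handful of constructed, normalized events. Two expansions are assumptions, not facts stated on the page: that `install_dir`/`install_file` combine into a `\Windows\Windows.exe` path suffix, and that the `regkey_hkcu`/`regkey_hklm` values name an entry under a `CurrentVersion\Run` key. The event schema and the sample events are constructed for the example.

```python
"""Derive indicators from the extracted CyberGate config and match events."""
import re

# Values copied from the extracted config on this page.
CYBERGATE_CONFIG = {
    "family": "cybergate",
    "version": "v1.07.5",
    "botnet": "victimas",
    "c2": ["bombilla.zapto.org:4662", "denis77.zapto.org:4662"],
    "mutex": "5K23C8M2203M4U",
    "install_dir": "Windows",
    "install_file": "Windows.exe",
    "injected_process": "explorer.exe",
    "regkey_hkcu": "services",
    "regkey_hklm": "services",
}


def build_indicators(cfg):
    """Turn the config dict into match criteria.

    The install-path and Run-key expansions are assumptions about how the
    builder uses these fields; the page only lists the raw field values.
    """
    c2_pairs = set()
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2_pairs.add((host.lower(), int(port)))
    return {
        "c2": c2_pairs,
        "mutex": cfg["mutex"],
        # Assumption: dropped binary ends with <install_dir>\<install_file>.
        "install_path_re": re.compile(
            r"\\" + re.escape(cfg["install_dir"]) + r"\\"
            + re.escape(cfg["install_file"]) + r"$",
            re.IGNORECASE,
        ),
        # Assumption: regkey_* fields are value names under a Run key.
        "run_values": {cfg["regkey_hkcu"].lower(), cfg["regkey_hklm"].lower()},
    }


def match_event(ind, ev):
    """Return the indicator names hit by one normalized event."""
    hits = []
    kind = ev.get("type")
    if kind == "network":
        # Match on hostname, not IP: zapto.org is dynamic DNS and re-points.
        if (ev["dest_host"].lower(), ev["dest_port"]) in ind["c2"]:
            hits.append("c2")
    elif kind == "mutex":
        if ev["name"] == ind["mutex"]:
            hits.append("mutex")
    elif kind == "file":
        if ind["install_path_re"].search(ev["path"]):
            hits.append("install_path")
    elif kind == "registry":
        # "services" alone is far too generic; require a Run key as well.
        if (ev["value_name"].lower() in ind["run_values"]
                and "\\currentversion\\run" in ev["key"].lower()):
            hits.append("run_key")
    return hits


def scan(events, cfg=CYBERGATE_CONFIG):
    """Map each indicator name to the events that triggered it."""
    ind = build_indicators(cfg)
    results = {}
    for ev in events:
        for hit in match_event(ind, ev):
            results.setdefault(hit, []).append(ev)
    return results


# Constructed sample events; these are not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"type": "network", "dest_host": "bombilla.zapto.org", "dest_port": 4662},
    {"type": "network", "dest_host": "update.example.com", "dest_port": 443},
    {"type": "mutex", "name": "5K23C8M2203M4U"},
    {"type": "file", "path": r"C:\Windows\Windows\Windows.exe"},
    {"type": "registry",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "services"},
    {"type": "registry",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services",
     "value_name": "services"},
]

if __name__ == "__main__":
    for name, evs in scan(SAMPLE_EVENTS).items():
        print(name, len(evs))
```

The registry branch deliberately ignores the second registry event: a value named `services` outside a Run key is ordinary Windows noise, so the config value only carries signal together with the persistence location it is written to. The same applies to the install path, which is why the regex anchors on the `\Windows\Windows.exe` suffix rather than on the file name alone.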

Targets

    • Target

      2362bccf048a0850f1d65b484d8577c8_JaffaCakes118

    • Size

      305KB

    • MD5

      2362bccf048a0850f1d65b484d8577c8

    • SHA1

      c4c10047b750a55dd1d87a175de2dfb77ac19715

    • SHA256

      626d473ec5ad5e5a288bbcda158f6b667d4f9dceecf4dfed9880fb24878a92d4

    • SHA512

      868ee442a471972146514fb91389a1ab0e54819a5535538a3fbd2969793d2c558076714c4af3dea6957c201c82db283860fc9729e3a55d7a6c40015b75c3a120

    • SSDEEP

      6144:XOpslFlqVhdBCkWYxuukP1pjSKSNVkq/MVJb:XwslOTBd47GLRMTb

    Score
    1/10
