General

  • Target

    2bba32328f1b498b440d9ccf3dedd24d_JaffaCakes118

  • Size

    1.4MB

  • MD5

    2bba32328f1b498b440d9ccf3dedd24d

  • SHA1

    1fd16d79983b4f142c679225f4c544335ecb2f8e

  • SHA256

    af66df64a1bfeee97ff007eef1914c030570a95a5d95cb6bc46a961d37daf947

  • SHA512

    847aef35621e69ce1eeb5d2243294e17b5837dc9ed2ae5a15b2804ae22c35588e5d37fb1d92098d1a3a4458af043ed8ce81d2f7bbe10eac2e8b65e6039ebd3e7

  • SSDEEP

    6144:ymcD66R0bsH9KSjzkY5xtEQD+GF5JGmrpQsK3RD2u270jupCJsCxCfIEu7QmH9K8:XcD66zYZ2zkPaCxKC

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

127.0.0.1:81

win32updatesx64.sytes.net:85

Mutex

***Dropex***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Win62

  • install_file

    Update_x64.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    This program is not compatible with your system

  • message_box_title

    FATAL ERROR

  • password

    abcd1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2bba32328f1b498b440d9ccf3dedd24d_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections