General

  • Target: 3227943e938ee593cfbb392e974ccc26_JaffaCakes118
  • Size: 2.4MB
  • MD5: 3227943e938ee593cfbb392e974ccc26
  • SHA1: 9904517fda3d23422a08818dcd181edd8c2d29bf
  • SHA256: ead66f5e1e07aaf99cfe3196a9b96a675921b8ffdd031d0617505ae9784ebe9a
  • SHA512: ae8f984b3eef0b6aaa25bf5c5e36150cad5df1c22de620529ec7a6f0725fdd23545c6f53dcac7a2ab0102d135397f11086c587aed920bfcef286b1ff1f8b7f8f
  • SSDEEP: 49152:qsT7UrDGxAy7F662A9xey+sL2LSNLnxvtB9moOPf7:q8UrDGxAyH2Aey+CtB9hOPT

Score: 10/10

Malware Config (extracted)

  • Family: cybergate
  • Version: v1.07.5
  • Botnet: BLazteR
  • C2: izzyku.no-ip.biz:2332
  • Mutex: 6DWD70W81582H4

Attributes

  • enable_keylogger: true
  • enable_message_box: false
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Remote Administration anywhere in the world.
  • message_box_title: CyberGate
  • password: 123456
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC): checks for a missing Authenticode signature.

Files

  • 3227943e938ee593cfbb392e974ccc26_JaffaCakes118
    .exe windows:4 windows x86 arch:x86