General

  • Target

    2f27b7bf66e44ce9772ca559fc2e34e7_JaffaCakes118

  • Size

    290KB

  • MD5

    2f27b7bf66e44ce9772ca559fc2e34e7

  • SHA1

    ca4fea50cca85ee7b3915a885dd944dc3edca1e1

  • SHA256

    4a5287249c19bbd97cb6be7169b152729dd1e6333da3b08056d6d04aa43bacd9

  • SHA512

    fd951454c9e5fa8561fe0c1e9b32893478cabd880caae2b082d2b8d39442e1ca6cf073523b31db4c46ad69633d1be8edc9d77c5f1021e518d91193880a586545

  • SSDEEP

    6144:BOpTlFlqWhdBCkWYxuukP1pjSKSNVkq/MVJbA:BwTl7TBd47GLRMTbA

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

ÖÍÇíÇ

C2

anas12.zapto.org:195

Mutex

FBO7TVAQS7IP1N

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    windows12

  • install_file

    sys12.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    anas1417

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2f27b7bf66e44ce9772ca559fc2e34e7_JaffaCakes118
    .exe windows:4 windows x86 arch:x86