General
-
Target
31616ce2506f68481743a3b8a8bad7e7_JaffaCakes118
-
Size
336KB
-
MD5
31616ce2506f68481743a3b8a8bad7e7
-
SHA1
14ce1ead5ec3b6ad8064a3f0ffb830db4b9a8376
-
SHA256
b195a95794274e9982c68d198a8f31c1a0a243eea8971964fac4bc71054b869d
-
SHA512
fae52cf1bf12345f46f66a72372260aa3b6a61d526eae90ab6c5a9262c68478602302bde6281cd8f0475ad189ede3f6aa0933a0222e1b459ac3dc22623af7f2b
-
SSDEEP
6144:F4ABF6pAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXK6IB:uUzGLE0kuGnESB
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v1.04.8
Botnet
LOB
C2
cebratty.no-ip.org:8005
Mutex
81J365U6707PF4
Attributes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Win32INI.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
admin
-
regkey_hklm
Google Background Service
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
31616ce2506f68481743a3b8a8bad7e7_JaffaCakes118
Headers
Sections