General

  • Target

    3374a68a53d9d4dc591beafe66a17fd5_JaffaCakes118

  • Size

    353KB

  • MD5

    3374a68a53d9d4dc591beafe66a17fd5

  • SHA1

    89de873996a7114b7cb981c4443fdec0c2f57c58

  • SHA256

    278ddf62df7bcfb0a48e4a65ff49a0128a16866d4a914243d5f003c043531c84

  • SHA512

    754c7c23ff16fc3bcc0e5772278e25b3173e297859a744c8d7b7281b8a73c08fc4e11caefde9d35a9b020b8c07d619e22b8d8273a5ed65dddc72dfd0c831e3dc

  • SSDEEP

    6144:SmcD66Rt5JGmrpQsK3RD2u270jupCJsCxCXIzzc:3cD66aZ2zkPaCx3w

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ضحية

C2

sa83.np-ip.biz:288

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 3374a68a53d9d4dc591beafe66a17fd5_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
