General

  • Target

    360c27bed77412ccefceae34b852d9d8_JaffaCakes118

  • Size

    703KB

  • MD5

    360c27bed77412ccefceae34b852d9d8

  • SHA1

    c93f4b29f0c4584c41a19d8f3ff7efa36fb99c1f

  • SHA256

    f6aa8dcf890585396330302060d01c40b2b01533563c8b8b4f4ed33e4c69ec43

  • SHA512

    4e8b6cfeacf455c596759934990cdcfa6649c216dd101d8a97de7038f4115b7e84d517f3610437482e08938399bd5c7527c9b53486751f4abfa4b2cfc9dd2b42

  • SSDEEP

    6144:8ScrL385S+GYEPZ28cSd94mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij:tc2S73cMiy78QSVnNyhsFMCeSj

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

remote

C2

ali70.no-ip.biz:999

Mutex

X7HITN3M6M86O0

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_dir

    rety

  • install_file

    massnger.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    cybergate

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 360c27bed77412ccefceae34b852d9d8_JaffaCakes118
    Tags: .exe windows:4 windows x86 arch:x86