General

  • Target

    5a632826d3704a197e4dd9d2aa107c34_JaffaCakes118

  • Size

    1.2MB

  • MD5

    5a632826d3704a197e4dd9d2aa107c34

  • SHA1

    b699ac7db8e770aa8193807bddc1da52fbfbed1b

  • SHA256

    9d7df0e49d6972a96146effc997059e063502840b0c51f5917b5e2b096539682

  • SHA512

    0d4ab3eecd79371cf4e7d73c9d84db973b51e8a557c04191ec02c9ed4302445ff72e06a0a952467c2ae18da1cffb70cb1be3c70ea6cbf41efd2c8a2d41fb6407

  • SSDEEP

    24576:WslPlqFJILRFLEm6W4zY9t1Memkj/Z5rr4BWd474mfb:WsFlqFyLRFHI09fZ5rrEWOPfb

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

kb81.no-ip.org:5588

kb82.no-ip.org:5588

kb83.no-ip.org:5588

Mutex

VP75Q8AMI4674E

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    java

  • install_file

    java.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    cybergate

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM
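
The config values above are the useful part of this report for a defender. The following Python is an added example, not part of the sandbox output: it turns the extracted C2 hosts, mutex, install name and injection target into matchable indicators and runs them over a few constructed telemetry events. The parent directory of the install path is not in the extracted config, so the example only matches on the trailing install_dir\install_file (an assumption); the event shapes and the sample paths are likewise constructed for the demo.

```python
"""Host and network checks derived from the extracted CyberGate config.

Added example, not part of the sandbox report. The config values are copied
from the Malware Config section; the telemetry events are constructed.
"""

# Values copied from the Malware Config section above.
CONFIG = {
    "c2": ["kb81.no-ip.org:5588", "kb82.no-ip.org:5588", "kb83.no-ip.org:5588"],
    "mutex": "VP75Q8AMI4674E",
    "injected_process": "explorer.exe",
    "install_dir": "java",
    "install_file": "java.exe",
}


def indicators_from_config(cfg):
    """Normalise the config into lowercase, matchable indicators."""
    c2 = {}
    for entry in cfg["c2"]:
        host, _, port = entry.rpartition(":")
        c2[host.lower()] = int(port)
    return {
        "c2": c2,  # hostname -> port
        "mutex": cfg["mutex"],
        # The install parent directory is not in the extracted config, so only
        # the trailing "\<install_dir>\<install_file>" is matched (assumption).
        "install_suffix": "\\" + cfg["install_dir"].lower() + "\\" + cfg["install_file"].lower(),
        "inject_target": cfg["injected_process"].lower(),
    }


def match_event(ev, ind):
    """Return the list of indicator names an event matches (empty if none)."""
    hits = []
    kind = ev["type"]
    if kind == "dns" and ev["query"].lower() in ind["c2"]:
        hits.append("c2_host")
    elif kind == "conn":
        port = ind["c2"].get(ev["dst_host"].lower())
        if port is not None:
            hits.append("c2_host")          # dynamic-DNS name alone is notable
            if ev["dst_port"] == port:
                hits.append("c2_host_port")  # name plus configured port
    elif kind == "mutex" and ev["name"] == ind["mutex"]:
        hits.append("mutex")
    elif kind == "process" and ev["image"].lower().endswith(ind["install_suffix"]):
        hits.append("install_path")
    elif kind == "remote_thread":
        target = ev["target_image"].lower().rsplit("\\", 1)[-1]
        if target == ind["inject_target"] and ev["source_image"].lower().endswith(ind["install_suffix"]):
            hits.append("injection")
    return hits


def scan(events, cfg):
    """Run every event through the indicators; return [(index, hits)] for matches."""
    ind = indicators_from_config(cfg)
    results = []
    for i, ev in enumerate(events):
        hits = match_event(ev, ind)
        if hits:
            results.append((i, hits))
    return results


# Constructed telemetry for the demo, not taken from the sandbox run.
EVENTS = [
    {"type": "dns", "query": "kb82.no-ip.org"},
    {"type": "dns", "query": "example.com"},
    {"type": "conn", "dst_host": "kb81.no-ip.org", "dst_port": 5588},
    {"type": "conn", "dst_host": "kb81.no-ip.org", "dst_port": 443},
    {"type": "mutex", "name": "VP75Q8AMI4674E"},
    {"type": "process", "image": r"C:\Users\Public\java\java.exe"},
    {"type": "process", "image": r"C:\Program Files\Java\jre8\bin\java.exe"},
    {"type": "remote_thread", "source_image": r"C:\Users\Public\java\java.exe",
     "target_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, hits in scan(EVENTS, CONFIG):
        print(idx, EVENTS[idx]["type"], hits)
```

The C2 entries are no-ip.org dynamic DNS names, so the network match is on the hostname (DNS query, HTTP Host, SNI) rather than on whatever IP it resolved to during the sandbox run. The mutex and the install_dir\install_file pair are the strongest host indicators; the bare filename java.exe is not one by itself, which is why the legitimate JRE path in the constructed events does not match.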

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
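
The "Unsigned PE" signature only checks whether the PE carries an Authenticode certificate table at all. The following Python is an added example, not the sandbox's own signature logic: it walks the DOS header, COFF header and optional header to the security data directory (index 4), reports whether it is empty, and splits a present table into its WIN_CERTIFICATE entries. The minimal PE images it builds are constructed in memory for the demo and are not real executables; the WIN_CERTIFICATE layout and directory offsets are the documented PE ones.

```python
"""Check a PE image for an Authenticode certificate table (added example).

Not part of the sandbox report. Parses only the headers; it does not
validate the PKCS#7 signature it finds.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def security_directory(data):
    """Return (file_offset, size) of the certificate table, or None if absent.

    The security directory's "VirtualAddress" field is a raw file offset,
    not an RVA. Raises ValueError for data that does not parse as a PE.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        dd_base, nrva_off = opt + 96, opt + 92
    elif magic == PE32PLUS_MAGIC:
        dd_base, nrva_off = opt + 112, opt + 108
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_rva = struct.unpack_from("<I", data, nrva_off)[0]
    if n_rva <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None  # header declares too few directories to hold one
    entry = dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_of_optional:
        raise ValueError("data directory lies beyond the optional header")
    off, size = struct.unpack_from("<II", data, entry)
    if off == 0 or size == 0:
        return None
    return off, size


def is_unsigned(data):
    """True when the PE has no certificate table, as the report's signature checks."""
    return security_directory(data) is None


def certificate_blobs(data):
    """Return [(cert_type, cert_bytes)] for each WIN_CERTIFICATE in the table."""
    sd = security_directory(data)
    if sd is None:
        return []
    off, size = sd
    end = off + size
    blobs = []
    while off + 8 <= end:
        length, _revision, ctype = struct.unpack_from("<IHH", data, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        blobs.append((ctype, bytes(data[off + 8:off + length])))
        off += (length + 7) & ~7  # entries are 8-byte aligned
    return blobs


def build_pe(cert=None):
    """Constructed minimal PE32 image for the demo; not a runnable executable."""
    opt = bytearray(224)                          # standard PE32 optional header size
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)           # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    header_len = 0x40 + 4 + len(coff) + len(opt)  # table will follow the headers
    body = bytearray()
    if cert is not None:
        length = 8 + len(cert)
        padded = (length + 7) & ~7
        body += struct.pack("<IHH", length, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert
        body += b"\0" * (padded - length)
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, padded)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    return bytes(dos + b"PE\0\0" + coff + opt + body)


if __name__ == "__main__":
    print("unsigned:", is_unsigned(build_pe()))
    print("unsigned:", is_unsigned(build_pe(b"placeholder pkcs7")))
```

A present certificate table is not a valid signature: the PKCS#7 blob still has to be verified against the Authenticode hash of the image and a trusted chain, which this header walk does not do, and malware does ship with expired, revoked or stolen certificates. The check is therefore useful as a triage filter (an unsigned binary dropping java.exe under a java directory is worth a look), not as proof of anything in either direction.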

Files

  • 5a632826d3704a197e4dd9d2aa107c34_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
