General
-
Target
5ae04fd715bbb8e14f81d3da429678df_JaffaCakes118
-
Size
323KB
-
MD5
5ae04fd715bbb8e14f81d3da429678df
-
SHA1
288f43ee1b3046c6b4a67b4f845eefc78c81b258
-
SHA256
a83cc235a6ce8f615855b4ae9c1baec3e963fd73a32d702a18747ff529a4a388
-
SHA512
024b338b7d81173da4fa563f0f50762cc5c0ed194bdd73e6f296b7531e5876c9b7a6e86d2491d708c79dd630f6220facdfa14cc931853df7f2b42879c1a1ec9c
-
SSDEEP
6144:HOpslERlq5hdBCkWSzyEE81pjSKoW78U1bgibiDNX49:Hwsl3TBJeH87GAf11beNXW
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v1.07.0
Botnet
remote
C2
esam3at.no-ip.biz:246
Mutex
W25020Q2UH182R
Attributes
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
1234567
Signatures
-
Cybergate family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
5ae04fd715bbb8e14f81d3da429678df_JaffaCakes118
Headers
Sections