cybergate | 5b0c0339f1f891cf660dab2c8d396f5d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5b0c0339f1f891cf660dab2c8d396f5d_JaffaCakes118
Size

645KB
MD5

5b0c0339f1f891cf660dab2c8d396f5d
SHA1

669d20206e5298d38c26fc80dd5366feb2fff301
SHA256

c62df0cc583e96a7fb93be7e1ab4ea7759743ed26d0e0af9f5e9bd963a81d076
SHA512

a0a71617f7023d2a8f080aebc2aa06751b059557061a84f9d9432b3a3251f17a4f01009eda9986e002277439d31b8976679482d67cf50dfd7e2110992d1297ce
SSDEEP

6144:GOpsld/xy/xn/hdBCkWYxuukP1pjSKSNVkq/MVJb+I3/xR:GwsldQNTBd47GLRMTbb

Score

10^/10

8888888888888 cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

8888888888888

C2

ddiimmaa.zapto.org:100

Mutex

0NTBVP06W0UJ6L

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
The file NOT correct and explozired actions dll!
message_box_title
microsoft
password
1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b0c0339f1f891cf660dab2c8d396f5d_JaffaCakes118

Files

5b0c0339f1f891cf660dab2c8d396f5d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

code
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE