General

  • Target

    5bd31aa3af95319c95a52ae520d74cef_JaffaCakes118

  • Size

    283KB

  • MD5

    5bd31aa3af95319c95a52ae520d74cef

  • SHA1

    4b59e578860da6b2d13aebb6571be92537484ac6

  • SHA256

    c509b39cc7f29bd1f7b2011c81b73dfb1d6829c96cbfeee6f7e4b192cc4725a5

  • SHA512

    7f1c6d6dd32467c7d6eb31e47ba355d6f726e3d6fa5adff12fa1a9f99acf657f895c82401674f8a690001e213e75ca56a39c4cfd77e08273a77ae683daa8117b

  • SSDEEP

    6144:N4ABF94ypAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKR:WUWGLE0kuGnESBR

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

C2

viruscan.zapto.org:999

Mutex

11R7J3E35HTQ12

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5bd31aa3af95319c95a52ae520d74cef_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
