General

  • Target

    62c118634250445554ab044f9919b791_JaffaCakes118

  • Size

    281KB

  • MD5

    62c118634250445554ab044f9919b791

  • SHA1

    8a444596150764a36ede0bca6bb2a0dff0c9a0a6

  • SHA256

    f5f9b85b9391e711a0ffe36fcd10fdccf6e4742c22ddac66c24bffbf72838e5a

  • SHA512

    41e2d800c8fa9c87f04b99d14cac322c4d0a997af34ca3d827ec13ccef6784b06cf237dbabb8c2a45ff3f523deefd3c533c100160e0f80bf440076fae89d00a4

  • SSDEEP

    6144:gScrL24mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:xcJy78QSVnNyhsFMCeSjk

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

Juntex

C2

y3r0nny.no-ip.org:5001

Mutex

3MMV618DFQ8181

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    win32.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

  • regkey_hkcu

    win32

  • regkey_hklm

    win32

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 62c118634250445554ab044f9919b791_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
