cybergate | 706679bc6ccb6a36658d6486056553c2_JaffaCakes118

General

Target

706679bc6ccb6a36658d6486056553c2_JaffaCakes118
Size

281KB
MD5

706679bc6ccb6a36658d6486056553c2
SHA1

9857727b842d578222c60641e8125ccaa8e4a502
SHA256

15130fbf062b096439dc5be74cbc6ccffc5f807450e8e94a6ea3f1e160f8d082
SHA512

29af1e93f3e243d99979f7e4a5f8fb163f96622ab6705e4d173e57122ff4c87fbd40d9db866c813f8023d8fed2ac42a8403ce47db2acd72823d22673b473326f
SSDEEP

6144:AScrLL4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijS:RcMy78QSVnNyhsFMCeSjS

Score

10^/10

mikael2375 cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

mikael2375

C2

mike2375.no-ip.org:7777

Mutex

8WSD2122NDDA34

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
237566

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
706679bc6ccb6a36658d6486056553c2_JaffaCakes118

Files

706679bc6ccb6a36658d6486056553c2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 37KB - Virtual size: 36KB

DATA Size: 512B - Virtual size: 292B

BSS Size: - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 2KB - Virtual size: 2KB

.rsrc Size: 237KB - Virtual size: 236KB

CODE
Size: 37KB - Virtual size: 36KB

DATA
Size: 512B - Virtual size: 292B

BSS
Size: - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 237KB - Virtual size: 236KB