cybergate | 75cb52ceb0fa434daa1dfdc0f79bb4e9_JaffaCakes118

General

Target

75cb52ceb0fa434daa1dfdc0f79bb4e9_JaffaCakes118
Size

744KB
MD5

75cb52ceb0fa434daa1dfdc0f79bb4e9
SHA1

519828351343f91303515e9be08cc4177c646c50
SHA256

1d11504195ec355b30bcfa202a406766cb1120988135bfa9a2aceb019400ec8b
SHA512

2bc0c2fc0700974993e0472fb45d533103b0e51d2e183a99f339b597d57b3a139f2e8dbc039b090c2ad7f74b66a9986bd7151156b43673883bc1dd864a13e8dd
SSDEEP

12288:OcD66FZ2zkPaCxqDGmzyPdolSGhrgiuUcp:OoZOkll91eBhrgV

Score

10^/10

w cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

W

C2

7neeny.dyndns.biz:888

joo2010.no-ip.biz:888

joo2010.dyndns.biz:888

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_dir
win
install_file
windows.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
t?tulo da mensagem
password
246810
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
75cb52ceb0fa434daa1dfdc0f79bb4e9_JaffaCakes118

Files

75cb52ceb0fa434daa1dfdc0f79bb4e9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.scpack
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.scpack Size: 320KB - Virtual size: 320KB

.text Size: 4KB - Virtual size: 4KB

.data Size: 272KB - Virtual size: 272KB

.rsrc Size: 68KB - Virtual size: 68KB

.aspack Size: 72KB - Virtual size: 72KB

.adata Size: 4KB - Virtual size: 4KB

.scpack
Size: 320KB - Virtual size: 320KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 272KB - Virtual size: 272KB

.rsrc
Size: 68KB - Virtual size: 68KB

.aspack
Size: 72KB - Virtual size: 72KB

.adata
Size: 4KB - Virtual size: 4KB