General

  • Target

    764855ee853cf529539f87bd24693651_JaffaCakes118

  • Size

    290KB

  • MD5

    764855ee853cf529539f87bd24693651

  • SHA1

    9a454c34c21023b580001838cf42dfa73bc70b13

  • SHA256

    4b50f5f1e8d8f35db928f5538e3a84ab3e12134e1d89333c0a781491e4e29a2d

  • SHA512

    6537c455e60171af261e1920149d98caff1e9b4a4f874bcc8e9e2213051cb57e0b0296b88caae17506e8518a2e9d8bf3f7b9496e65b8b229b0a0e56d0f81c8ee

  • SSDEEP

    6144:ImcD66RRje5JGmrpQsK3RD2u270jupCJsCxCP:BcD663HZ2zkPaCxe

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

195.no-ip.biz:1338

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    SkYNet.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Erro Descupe Consute o Criador do Programa

  • message_box_title

    Erro Descupe Consute o Criador do Programa

  • password

    96848806

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 764855ee853cf529539f87bd24693651_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
