General

  • Target

    73f8b1f6e0e64a648445c575bc64aaad_JaffaCakes118

  • Size

    273KB

  • MD5

    73f8b1f6e0e64a648445c575bc64aaad

  • SHA1

    5eb0b30e36a234e2e5bcd11f1456cea6ebb914b9

  • SHA256

    277e3f881ff5937e48da7594ba43f306dfb9d0ed2e7cfa90360ab60ea05f8e4e

  • SHA512

    0ae93d2bf8a949108544dab21d3d8af1d1c82405c48ec06ab89762ad02c3b73b8e0c533b9143d918feea04cce4355a193613a443e1173a373ae94d4cba0a05cf

  • SSDEEP

    6144:73O1ZxoxDNT/xQphU+MYerYctWC201Dxeb/b4N5MCLW/4DOY1ChWdh:LO14h/xQp6+MYer3201tebT4n1LXP1CQ

Score

10/10

Malware Config

Extracted

Family

cybergate

Version

v1.01.18

Botnet

Cyber

C2

mywildrat1.no-ip.biz:81

Mutex

CyberGate1

Attributes

  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    Rs-Pin-Generator

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Please Install the latest version of Java and Try Again.

  • message_box_title

    Rs-Pin-Generator

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 73f8b1f6e0e64a648445c575bc64aaad_JaffaCakes118
    .exe windows:4 windows x86 arch:x86