Overview

overview

10

Static

static

10

8b39e2578d...18.exe

windows7-x64

10

8b39e2578d...18.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8b39e2578dd2bc285b37c62f5097f383_JaffaCakes118

  • Size

    803KB

  • MD5

    8b39e2578dd2bc285b37c62f5097f383

  • SHA1

    1de9aecd81d0ede42791bb4ac8dbf10f16d70225

  • SHA256

    729c477f8f61fda204028e62752e017e4d9d5244987589683464f2d4547d20c7

  • SHA512

    813b7ec3dcf3f5bd23b1b15e434ccd10623f4c3548f4cd58f6e8c50424e59a95f70509e47e72e172af8b7e796545cfabc2e1d0f380df08a0169ccfc444e6107e

  • SSDEEP

    12288:yU8+0nhIdhXYeGLyWSKaAS79MEqfGMkHpnhVdhXY:yUuW8jyiSZgfGpr8

Score
10/10
upxacidslasherx.no-ip.bizcybergate

Malware Config

Extracted

Family

cybergate

Version

v1.05.1

Botnet

acidslasherx.no-ip.biz

C2

acidslasherx.no-ip.biz:82

Mutex

GQRE5RE1SBWIJ2

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • ftp_password

    ªš÷Öº+Þ

  • ftp_port

    21

  • ftp_server

    [email protected]

  • ftp_username

    ftp_user

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    You are about to install no cd cracks for any autorun file on your pc, are you sure you want to overwrite all of theese files?

  • message_box_title

    AcidSlasherX

  • password

    acidx

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
    cybergate
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 8b39e2578dd2bc285b37c62f5097f383_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections