General

  • Target

    9191a646b26d80acd6367f33e51f466b_JaffaCakes118

  • Size

    564KB

  • Sample

    240813-etljwatenf

  • MD5

    9191a646b26d80acd6367f33e51f466b

  • SHA1

    d8100cf40d852a0e0b58694ad6bcbaf0e2afeb64

  • SHA256

    add425f40fbbfb9d66edfe7488fcc25850162f9a036b02e89556f919e59ab7a2

  • SHA512

    c427295f281be349c459e4ae6826f305a04b9477db1f7abe9a2c9e23e5c67864f62ceec635c6f97a16f4b95607a41c5b3f65ac0cdbaa9fb80200001a583e0c84

  • SSDEEP

    12288:xMuMlOQcNOqYNf1H/3R96Nye84QkIiZ2zkPaCxr:xMuMlO7NOv1HPfs184QJiZOklJ

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima

  • C2

    gntdaniel.no-ip.org:2000

  • Mutex

    ***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    O arquivo nao pdoe ser aberto pelo windowns erro (x04001001)

  • message_box_title

    ERRO

  • password

    123

  • regkey_hkcu

    svchost

  • regkey_hklm

    svchost

MITRE ATT&CK Enterprise v15

Tasks