General

  • Target

    a72e5660670cbf2170444bed0b8ffd52_JaffaCakes118

  • Size

    280KB

  • MD5

    a72e5660670cbf2170444bed0b8ffd52

  • SHA1

    426c3ed09a7f20c0995f2a683f6369fce70fba29

  • SHA256

    9d2af39dfabb18b5d98ce20f7694f56bf83927a2c2b6d879f06daf6124617d13

  • SHA512

    922bc58bedc1a37e323ad22f99c293f6e944a3964656cd1663d088b864c6da53b5c263b7d32c10afd44636307d8804ef126e303e7ef343b304afac82212ab69d

  • SSDEEP

    6144:X3O1ZWoxDNT/xQphU+MYerYcNC201Dxeb/AQAinBsoZ0HbK8:nOy4h/xQp6+MYerI201tebYQAinBO7K8

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.01.17

Botnet

remote

C2

dannymatrix.no-ip.org:8089

Mutex

CyberGate1

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    microsof

  • install_file

    wuindows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

  • regkey_hkcu

    microsof

  • regkey_hklm

    microsof

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • a72e5660670cbf2170444bed0b8ffd52_JaffaCakes118
    .exe windows:4 windows x86 arch:x86