General
-
Target
ac731464fb6c3224d7bf2cd2d8e09ad2_JaffaCakes118
-
Size
270KB
-
MD5
ac731464fb6c3224d7bf2cd2d8e09ad2
-
SHA1
e2809cf00467d37f592d6326d828cb0794a498a5
-
SHA256
af71bd6228b981cb28b11674d1b510c2ec2fecf31b054c8832dedbfa1aac2b05
-
SHA512
6cdeae5792c740dda9d5b2de5cb333fb48b29721f0a6cba298a1c922044c0b546a71829343452c339b368b45af6d9e30c2b796b95bab2f384827b620dffa5cea
-
SSDEEP
6144:XKMN3bWRA9Fd2kUrJ8tWF7EIebvf2aP6cPi40txM51Sp5g:6OrWRA9Fk7VwXfGcPb0HM51Sp
Malware Config
Extracted
cybergate
TRUE
ØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼óÐÙõÒÕÈÕÝÐÕÆÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼Capsule_Hack.exe
{L5LE35C8-627Y-03HB-813B-Q4V623EB31J4}
HKLM
HKCU
TRUE
48
0
WR-Shop
You need Buy VIP!
FALSE
ftp.server.com
./logs/
ftp_user
ª÷Öº+Þ
21
30
-
enable_keylogger
false
-
enable_message_box
true
-
ftp_directory
v1.07.5
-
ftp_interval
5000
-
ftp_server
6965cba8020d9cff26fa43c34a86f346
-
install_dir
TRUE
-
install_file
TRUE
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
FALSE
-
message_box_title
TRUE
-
password
TRUE
-
regkey_hkcu
TRUE
-
regkey_hklm
TRUE
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
ac731464fb6c3224d7bf2cd2d8e09ad2_JaffaCakes118
Headers
Sections
-
out.upx
Headers
Sections