General

  • Target

    b773a3a0c3df48de9f2a487a87e7c11c_JaffaCakes118

  • Size

    332KB

  • MD5

    b773a3a0c3df48de9f2a487a87e7c11c

  • SHA1

    ce398d6ac3950cfcc29573fd1ecbe0cba937d8bd

  • SHA256

    9010cda7e2d9d9a47b9a8ae76573fb643a53fad3fae1166e38755cac0eef04aa

  • SHA512

    cdcaaa6a2964a5814be966812c894f47849115000bd247cbcd9c8082c3365cb5c2ae91689a188c9ef6b24f04d3ab6891908c7ac4eab58fb878e07353156acaf5

  • SSDEEP

    6144:/mcD66RZ5JGmrpQsK3RD2u270jupCJsCxCxIdkO:ucD66qZ2zkPaCxy

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Server

C2

aaaasdeqqqqqq.no-ip.biz:80

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    spynet

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

  • regkey_hkcu

    HKCU

Signatures

  • Cybergate family
  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • b773a3a0c3df48de9f2a487a87e7c11c_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    Headers

    Sections