General

  • Target: c7ef7f0630dfbd1d99e5920b63c6e623_JaffaCakes118
  • Size: 291KB
  • MD5: c7ef7f0630dfbd1d99e5920b63c6e623
  • SHA1: ca2b0ef05f1d7d7973b753d6ce772f97d2f2a9ba
  • SHA256: 7f850626ed2d8ab5e58d3a62b301df34df5021a98231966dce7a2f61ea83003e
  • SHA512: 7352f3b7f5f07a15b901ec85bd7f931a414f2a0407ba33f6d1297ea9a52466660b17f6ae4d3b3c1c7189d0ac696d938d34238c5e6366a24880d1d0b5aaae7dbe
  • SSDEEP: 6144:6mcD66RRjPcQEIXKgQj6NUqV3IFJtBToREujB5wZl5DLfVq4mExyv:PcD663eeKgQpqV3IF9D5LfV13yv

Score
10/10

Malware Config

Extracted

  • Family: cybergate
  • Version: 2.7 Beta 02
  • Botnet: Haribo
  • C2: oohariboo.no-ip.biz:81
  • Mutex: 8SHP3J027FN845

Attributes

  • enable_keylogger: true
  • enable_message_box: true
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: Windir
  • install_file: svchost.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: Patientez...
  • message_box_title: Cam hack by StreamZz
  • password: louanne32310
  • regkey_hkcu: HKCU
  • regkey_hklm: HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • c7ef7f0630dfbd1d99e5920b63c6e623_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
