General
-
Target
c85b21a27df9280596f32888ce610fff_JaffaCakes118
-
Size
429KB
-
MD5
c85b21a27df9280596f32888ce610fff
-
SHA1
7ade393c384ddf8cec4fa0f21ff20b39598915b1
-
SHA256
522ac2d732ba84325c8c83a96c7c19b6599e479639a281af4952079cd991a0b6
-
SHA512
683b2017bb2eee29b90ac10f41cfa02202816200d065ab7c600f21d4238562362254b97683f51f2058e58e2e188cdbf9129a26a94a476d4ffb83278647d8b42d
-
SSDEEP
6144:LmcD66RDKHRb4w5B7JV5JGmrpQsK3RD2u270jupCJsCxCpIfcq:ScD66BKf5wZ2zkPaCxY
Malware Config
Extracted
cybergate
2.6
ÎÑææÝ
tooto0550.no-ip.biz:81
toooto0550.no-ip.biz:81
nawaf0550.no-ip.biz:81
192.168.1.100:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
ftp_password
ª÷Öº+Þ
-
ftp_port
21
-
ftp_server
ftp.server.com
-
ftp_username
ftp_user
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
error no it file
-
message_box_title
error
-
password
abcd1234
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
c85b21a27df9280596f32888ce610fff_JaffaCakes118
Headers
Sections