General

  • Target

    c9f25d147f9933d5d1d611f647fdec8e_JaffaCakes118

  • Size

    617KB

  • MD5

    c9f25d147f9933d5d1d611f647fdec8e

  • SHA1

    f9ba1aad7871afb1e4fc36a62d008c5170d86492

  • SHA256

    3e0b126c3abc2e49f4be4a647b6ffbe41abff7f006e16001a159e25596c6b61d

  • SHA512

    c7d7c54587d1b58d1f15bc076413177aba2a9762f328285044fb1016a50fd38746da32977f92f0af9ca81777ec1a4d5b49620bbf535e076d5e67931554b9a568

  • SSDEEP

    6144:2mcD66R7s4o77o7P5JGmrpQsK3RD2u270jupCJsCxC:jcD664Z2zkPaCx

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima  (Portuguese: "victim"; left as extracted, since it is the campaign identifier)

C2

lakamora.no-ip.org:5001

Mutex

***MUTEX***  (the CyberGate builder's default placeholder, not a per-sample value)

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

texto da mensagem  (Portuguese: "message text"; builder default, unused because enable_message_box is false)

  • message_box_title

título da mensagem  (Portuguese: "message title"; builder default, unused because enable_message_box is false)

  • password

    abcd1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM
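Hunting for this configuration in endpoint telemetry, as an added example that is not part of the sandbox report. The IOC values (C2 host and port, mutex, install_dir/install_file, injected_process) are taken from the extracted config above; the key=value log format and the sample events are constructed for illustration and assume nothing about any real product's schema. Two points a practitioner should notice: the C2 is a dynamic-DNS name (no-ip.org), so the script collects DNS answers for the hostname and pivots to the resolved IP instead of hard-coding an address, and because the page gives only the leaf directory "install" and file "server.exe", the install artifact is matched on that directory/file pair rather than a guessed full path.

```python
"""Hunt for the extracted CyberGate 2.6 config in constructed endpoint logs.

Added example, not part of the original sandbox report. IOC values come from
the report's extracted config; the log lines and their key=value layout are
constructed (hypothetical) and stand in for whatever telemetry you really have.
"""
import ntpath
import re

# Values lifted from the extracted config on this page.
CYBERGATE_IOCS = {
    "c2_host": "lakamora.no-ip.org",
    "c2_port": 5001,
    "mutex": "***MUTEX***",
    "install_dir": "install",
    "install_file": "server.exe",
    "injected_process": "explorer.exe",
}

# Constructed sample telemetry, one event per line (hypothetical format).
SAMPLE_LOGS = """\
type=dns host=WS01 query=www.microsoft.com answer=20.112.250.133
type=dns host=WS01 query=lakamora.no-ip.org answer=198.51.100.23
type=netconn host=WS01 image=C:\\Windows\\explorer.exe dst=198.51.100.23 dport=5001
type=netconn host=WS02 image=C:\\Program Files\\Mozilla Firefox\\firefox.exe dst=203.0.113.9 dport=443
type=mutex host=WS01 image=C:\\Windows\\explorer.exe name=***MUTEX***
type=file_create host=WS01 path=C:\\Windows\\install\\server.exe
type=file_create host=WS02 path=C:\\Users\\bob\\Downloads\\install.exe
type=proc_inject host=WS01 source=C:\\Windows\\install\\server.exe target=C:\\Windows\\explorer.exe
"""

# key=value pairs; a value runs until the next " key=" token, so paths with spaces survive.
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value' line into a dict."""
    return dict(_KV.findall(line.strip()))


def _basename(path: str) -> str:
    """Lower-cased Windows basename, works on non-Windows hosts via ntpath."""
    return ntpath.basename(path).lower()


def hunt(log_text: str, iocs: dict = CYBERGATE_IOCS) -> list[tuple[str, str]]:
    """Return (host, finding) pairs for every event matching an IOC.

    Pass 1 collects the IPs the C2 hostname resolved to; pass 2 flags network
    connections to those IPs (or to the configured port) as well as the
    mutex, install artifact and injection into the configured target process.
    """
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    c2_ips = {e["answer"] for e in events
              if e.get("type") == "dns" and e.get("query", "").lower() == iocs["c2_host"]}

    want_dir, want_file = iocs["install_dir"].lower(), iocs["install_file"].lower()
    findings = []
    for e in events:
        host, t = e.get("host", "?"), e.get("type")
        if t == "dns" and e.get("query", "").lower() == iocs["c2_host"]:
            findings.append((host, f"resolved C2 hostname {iocs['c2_host']} -> {e.get('answer')}"))
        elif t == "netconn" and (e.get("dst") in c2_ips or e.get("dport") == str(iocs["c2_port"])):
            img = _basename(e.get("image", ""))
            # The RAT runs inside the injected process, so the beacon comes from explorer.exe.
            via = f"from injected {img}" if img == iocs["injected_process"] else f"from {img}"
            findings.append((host, f"connection to {e.get('dst')}:{e.get('dport')} {via}"))
        elif t == "mutex" and e.get("name") == iocs["mutex"]:
            findings.append((host, f"mutex {iocs['mutex']} created by {_basename(e.get('image', ''))}"))
        elif t == "file_create":
            parts = [p.lower() for p in re.split(r"[\\/]", e.get("path", ""))]
            # Match on the install_dir/install_file pair; the parent directory is not in the report.
            if len(parts) >= 2 and parts[-1] == want_file and parts[-2] == want_dir:
                findings.append((host, f"install artifact written: {e.get('path')}"))
        elif t == "proc_inject" and _basename(e.get("target", "")) == iocs["injected_process"]:
            findings.append((host, f"injection into {iocs['injected_process']} from {e.get('source')}"))
    return findings


if __name__ == "__main__":
    for host, finding in hunt(SAMPLE_LOGS):
        print(f"[{host}] {finding}")
```

On the constructed sample this yields five findings, all on WS01, while WS02's browser traffic and its unrelated install.exe download produce none. Note that the mutex here is the builder default, so a hit on it identifies CyberGate generally rather than this particular build; the C2 hostname and the explorer.exe beacon are the sample-specific pivots.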

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • c9f25d147f9933d5d1d611f647fdec8e_JaffaCakes118
    .exe windows:4 windows x86 arch:x86