General
-
Target
ce4bc0c3f60bdb1349fe9779f369507b_JaffaCakes118
-
Size
296KB
-
MD5
ce4bc0c3f60bdb1349fe9779f369507b
-
SHA1
2ea81c3d44d565642b186d9c8dc8ab2a27cb3ba4
-
SHA256
69ae1e3e033a8cdb409720152637f4ffdf51f94a18cbefa3d06a60a34bde7193
-
SHA512
9ac96a2e2083a114a42c0575783e1a651fea3c5c61d5127b906cf36a84f5cbaa83073d512177c60f4619bc5defba08910260517fd025f8d7c951cfbcb5692d0b
-
SSDEEP
6144:POpslFlqRhdBCkWYxuukP1pjSKSNVkq/MVJbX:PwsliTBd47GLRMTbX
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v1.07.5
Botnet
Enfant
C2
lijaworld.zapto.org:4009
Mutex
6RV8OFV4J21YJ8
Attributes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Win32
-
install_file
Win32.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
rumor658
-
regkey_hkcu
Services
-
regkey_hklm
Services
Signatures
-
Cybergate family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
ce4bc0c3f60bdb1349fe9779f369507b_JaffaCakes118
Headers
Sections