cybergate | d593a5d6558a2ea2768d9862983c76c0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d593a5d6558a2ea2768d9862983c76c0_JaffaCakes118
Size

901KB
MD5

d593a5d6558a2ea2768d9862983c76c0
SHA1

826ea32d07eb0a54d0d1823b542c205cc270a2be
SHA256

fbed47d48b5852f0e243ed1c5675a9baccd7a5a27e20454d53eddc8975667456
SHA512

cd4b5d2900f121efd2670a2686d23354cb635ca9f51e33cdb5d1dd544bd3ddb59b5e71c829ee08a1217dd519cef7b9fc4d0248f7e1e6363818868b7e0ec4c232
SSDEEP

24576:6zq+LtXVERKGMUT7ZaclhgV6x74YW6XR9WMdvXaPN:6zq+xXVyKGMc7MUQ6JXmM5YN

Score

10^/10

vítima upx cybergate

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima

78.243.80.47:80

78.243.80.47:81

78.243.80.47:82

78.243.80.47:83

geekattitude.dyndns-ip.com:80

geekattitude.dyndns-ip.com :81

geekattitude.dyndns-ip.com :82

geekattitude.dyndns-ip.com :83

192.168.0.16:80

192.168.0.16:81

192.168.0.16:82

192.168.0.16:83

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
Hack comptes Steam
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Nous sommes en train de vous séléctionner un compte Steam à partir de notre base de données. VEUILLEZ PATIENTEZ. . . . . . . . . . . . . . . . . . . . . . . . . . . . .
message_box_title
Hack comptes Steam
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

Cybergate family
cybergate

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Hack comptes Steam/mozsqlite3.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Hack comptes Steam/mozsqlite3.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Hack comptes Steam/Hack comptes Steam.exe
unpack001/Hack comptes Steam/mozsqlite3.dll
unpack002/out.upx

Files

d593a5d6558a2ea2768d9862983c76c0_JaffaCakes118
.rar
Hack comptes Steam/!! IMPORTANT - Explication et Tuto.txt
Hack comptes Steam/Data & Database/Database.txt
Hack comptes Steam/Hack comptes Steam.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Hack comptes Steam/mozsqlite3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

UPX0
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 44KB - Virtual size: 44KB

DATA Size: 1024B - Virtual size: 544B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 180KB

UPX1 Size: 165KB - Virtual size: 168KB

UPX2 Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 28KB - Virtual size: 28KB

.reloc Size: 12KB - Virtual size: 8KB

CODE
Size: 44KB - Virtual size: 44KB

DATA
Size: 1024B - Virtual size: 544B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

UPX0
Size: - Virtual size: 180KB

UPX1
Size: 165KB - Virtual size: 168KB

UPX2
Size: 5KB - Virtual size: 8KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 28KB - Virtual size: 28KB

.reloc
Size: 12KB - Virtual size: 8KB