General
-
Target
fac724a71ee8f7ada5ceef4065ccea9e_JaffaCakes118
-
Size
347KB
-
MD5
fac724a71ee8f7ada5ceef4065ccea9e
-
SHA1
a6cccffce2e04fb7cac24a1b37bf0ad23b362450
-
SHA256
d7515b52f19996089b204a1dc9e559fe963e7c9a1e71efe033e23ceb2dce853f
-
SHA512
4bb654d48c8e3d76a95a8e4870066b51b4d8686cabfeedeb778e0d60787edbff0eaa88a7e38e114cb9ee93d1d0135168d6d0c86b9aebf67fbc44d33b0aaf7508
-
SSDEEP
6144:AOpsljhdBCkWYxuukP1pjSKSNVkq/MVJbLIRo6J:AwsljTBd47GLRMTbp
Malware Config
Extracted
cybergate
v1.07.5
Cyber
bananachickens.no-ip.org:100
78NSN07UIS5O7T
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
.//domains/hbproductions.nl/public_html/levels/
-
ftp_interval
30
-
ftp_password
E=MC218121995
-
ftp_port
21
-
ftp_server
ftp.hbproductions.nl
-
ftp_username
user7065
-
injected_process
explorer.exe
-
install_dir
WinDir
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
fac724a71ee8f7ada5ceef4065ccea9e_JaffaCakes118
Headers
Sections