General

  • Target

    0bb6d336bdc276c0445f34cc41f4a18e_JaffaCakes118

  • Size

    296KB

  • MD5

    0bb6d336bdc276c0445f34cc41f4a18e

  • SHA1

    d3c2b5bec5f4999c23874cdc034accdc53ed1067

  • SHA256

    ed436ee6da9a39907aabbf67904a2a06d25f25730bba4f0ba1cb25bffaac9bdf

  • SHA512

    5d0d0822baa413f57d970f79356808d144b1fec838ee0abcef6a2ca369e7eb56eae795a4c5281fa208990f33f54cec2a0146ee2cfe6f369520560bc5510e9aeb

  • SSDEEP

    6144:POpslFlqGhdBCkWYxuukP1pjSKSNVkq/MVJbE:PwslHTBd47GLRMTbE

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

aradox

C2

facebooooo.no-ip.biz:81

Mutex

2R276IAOY2K74R

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    windir

  • install_file

    svchsot.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    resseyez !

  • message_box_title

    welcome

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE 1 IoC

    Checks for missing Authenticode signature.

Files

  • 0bb6d336bdc276c0445f34cc41f4a18e_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
