General
-
Target
17dd167a7578a21763969bd6cb2a4b43_JaffaCakes118
-
Size
353KB
-
MD5
17dd167a7578a21763969bd6cb2a4b43
-
SHA1
2329b456b8bf188db4023d6800725537474925cb
-
SHA256
79db2da31d86541ab45922ef9d91885172568d6b7913d70fa540f57555ce6d2b
-
SHA512
5b615a26707ad959eb5076c2a92ce5129f208a6c68b1d94e5ae498a8c8daa7f0512640ded206440c5441b37127c844777534249f0ec0798e1e0d5428e4847b33
-
SSDEEP
6144:PmcD66R65JGmrpQsK3RD2u270jupCJsCxCsIRD:ecD66JZ2zkPaCxkD
Malware Config
Extracted
cybergate
2.6
victim
farman.no-ip.biz:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Microsoft_KB214532
-
install_file
update.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Download .NET Framework Version 2.0 Redistributable from: http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5
-
message_box_title
.NET Framework error
-
password
123!@#
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
17dd167a7578a21763969bd6cb2a4b43_JaffaCakes118
Headers
Sections