General

  • Target

    3aff0a87b390655c480533a2d021f5e0_JaffaCakes118

  • Size

    281KB

  • MD5

    3aff0a87b390655c480533a2d021f5e0

  • SHA1

    3c99f7218a48ff9b0b91187ed964b4ce86294a94

  • SHA256

    6b09eed6e93e5e7a6409383c19c403ea659dcf00a84763f19dfb8672715ba81b

  • SHA512

    b6ca0a8d4c195f6f6497d4f7d11510dfa9681c86a66280cdb2628d8f9ec16875569eb75b909bddcff8aa0c22d140bfff305441a6787f82e76df97931cb03e6ed

  • SSDEEP

    6144:AScrLM4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijR:RcDy78QSVnNyhsFMCeSjR

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Trial version

Botnet

remote

C2

cybergatemetin.no-ip.biz:999

Mutex

T3W16RC2GDW0M4

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    system32

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Die Datei konnt nicht geöffnet werden. Errorcode '832'

  • message_box_title

    CyberGate

  • password

    12345

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3aff0a87b390655c480533a2d021f5e0_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
