General

  • Target

    4068171260ef0f95dc29c255000e054e_JaffaCakes118

  • Size

    296KB

  • MD5

    4068171260ef0f95dc29c255000e054e

  • SHA1

    2e86563dec54d02d709b908aabad071e8a5f1ba9

  • SHA256

    0a299f2bf1fb1029b04d567f54d653325c0a95c6cd8960fa7c5460fb92e6bdfb

  • SHA512

    74a301b03330bf78b95af75976e45038224b86002037a5ab88d6d2ea1ee238c308345abd94d43f588c1d5592bce5c6b9ed3481b2c476c9f584648ee84f0c5025

  • SSDEEP

    6144:POpslFlqAhdBCkWYxuukP1pjSKSNVkq/MVJbS:PwslFTBd47GLRMTbS

Score
10/10

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.07.5

  • Botnet

    server2

  • C2

    bookworm.read-books.org:35000

  • Mutex

    5FU8ELK4WB7R88

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    microsoft

  • install_file

    Isass.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    %$;*G5%8j*

  • regkey_hkcu

    Isass

  • regkey_hklm

    Isass

Signatures

  • Cybergate family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4068171260ef0f95dc29c255000e054e_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
