General

  • Target

    44bc1069163a24c7436cf35a93bba611_JaffaCakes118

  • Size

    274KB

  • MD5

    44bc1069163a24c7436cf35a93bba611

  • SHA1

    afe484069c1fbebb0af9bec7d8f70955ecbe8f40

  • SHA256

    f57d303321f8d5429e757128e4eaadbf07d0081257ad3e4fa85dede1202a28a9

  • SHA512

    2bc1da13760a5c60e18761bb88bb9455d37eed0e3c87e67bc83a4cf2c9af7f0d0f4017f863b06d35c6ec64ec404b010d216c3967fc67f39020664febdb9c66c2

  • SSDEEP

    6144:nMIpu9NhNyEYw48acZccSU+U4pN/EHqGs:nbpSbNrjbSUdk/DG

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

anjan123.no-ip.org:85

Mutex

MD2K4Q7O3P681M

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

Signatures

  • Cybergate family
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • 44bc1069163a24c7436cf35a93bba611_JaffaCakes118
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections

  • out.upx
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections