C:\Users\26619\Documents\Visual Studio 2005\Projects\Dragon\Dragon\obj\Release\Dragon.pdb
General
-
Target
55958b2b8a67fa7ceec85640f2002d96_JaffaCakes118
-
Size
572KB
-
MD5
55958b2b8a67fa7ceec85640f2002d96
-
SHA1
4fc2821663cd4ba29ac2a3e2d592086907a95392
-
SHA256
88a934ef1a0cde102ccb37c151dda0b939e1e08104e21f0869ce0a0e8ba73464
-
SHA512
d5e274271b48c39dbba81e8d7493e3ce2caf9b58c93aa162cc51c0be1a2cf53cb95a1e125e9aed01358da3e87bbec69cad3284bb22caa91256e306e7399c42a4
-
SSDEEP
12288:O1JYNfL5hSY8wSixIqGdOC2bl6k030F8XTJvbw+Bq:xj3S8xrGdsb4k030OlbwKq
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
v1.07.5
Botnet
Cyber
C2
127.0.0.1:999
ziurkenas.zapto.org:100
Mutex
W43KMDEXA53N8K
Attributes
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
WinDir
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
55958b2b8a67fa7ceec85640f2002d96_JaffaCakes118
-
Dragon.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections
-
Ziurke.exe
Headers
Sections