General
-
Target
96817ef88c34a6b60e4edba25337da1f_JaffaCakes118
-
Size
344KB
-
MD5
96817ef88c34a6b60e4edba25337da1f
-
SHA1
ad444a7d2eb9c4be77b7c14de6e97a1c2c4d1d2d
-
SHA256
d947d57fa3aa32c330c1ba314871bf276a561779dd92ad371dedfa1a42ef2fc7
-
SHA512
dc56538d04e553b3375b863a55b9a7b59fa9e196f2006c05445b420c8dcff8d46c48376c117922cafa7369d7d3ffd085cae3e119421e95a06ea3c9c13c0e6541
-
SSDEEP
6144:9V7+/DKM/DzetXD5sueVhrhxI//P0Y7o3W4zMEg3JDxHkWO9RPmhFWhHx961:9VEDXHRueVhNxI3P0uXWJmhohR961
Malware Config
Extracted
cybergate
2.6
vítima
arrozmaionese.no-ip.biz:3000
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
drive.
-
install_file
tasksrc.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
arroz
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Extracted
cybergate
FALSE
ÝØðÕÞÎÝÎÅý¼¼ûÙÈìÎÓßýØØÎÙÏϼ¼êÕÎÈÉÝÐìÎÓÈÙßȼ¼êÕÎÈÉÝÐýÐÐÓß¼¼êÕÎÈÉÝÐúÎÙÙ¼¼¼ùÄÕÈìÎÓßÙÏϼ¼¼ðÏÝÿÐÓÏÙ¼¼ÿÎÅÌÈéÒÌÎÓÈÙßÈøÝÈݼ¼ÿÓèÝÏ×ñÙÑúÎÙÙ¼¼¼ïÅÏúÎÙÙïÈÎÕÒÛ¼¼¼ìïÈÓÎÙÿÎÙÝÈÙõÒÏÈÝÒßÙ¼¼îÝÏùÒÉÑùÒÈÎÕÙÏý¼¼¼ïôûÙÈïÌÙßÕÝÐúÓÐØÙÎìÝÈÔý¼¼¼èÓýÏßÕÕ¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼¼J4173WYX4}
HKLM
HKCU
FALSE
16
0
título da mensagem
texto da mensagem
TRUE
ftp.0fees.net
.//htdocs/adv/
fees0_6839145
ashman4u
21
30
-
enable_keylogger
false
-
enable_message_box
false
-
install_dir
FALSE
-
install_file
FALSE
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
TRUE
-
message_box_title
TRUE
-
password
FALSE
-
regkey_hkcu
FALSE
-
regkey_hklm
FALSE
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
Files
-
96817ef88c34a6b60e4edba25337da1f_JaffaCakes118
-
main.exe
Headers
Sections
-
server2.exe
Headers
Sections
-
out.upx
Headers
Sections