General

  • Target

    c1db34e394131c60fe8a4980e0eb1735_JaffaCakes118

  • Size

    385KB

  • MD5

    c1db34e394131c60fe8a4980e0eb1735

  • SHA1

    f36b22c1c22949fc68b970a067bb18e786c22562

  • SHA256

    d834c4ee40e951f0cd987be724b3dca2a1012d88a3249b7f5897c3e2c94d1f5e

  • SHA512

    051686ccd23290312a012095acb3004c07d488aa5d1d8f43e417e20f30ef5da9e6858fb975d09cf5ecda1b9639cc8e0c2bf352c9bacea9ba37baf5e66a9e4c41

  • SSDEEP

    6144:u3LCsxZZQttyCVxaWYSdMU/77hlruc6XmDoTbcI7CPPdZqkVk:q2eAtpVxagMU/plruchDofAPN+

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

v1.02.0

Botnet

remote

C2

71.197.13.66:100

Mutex

1E8N575VGY2O72

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    csrss.exe

  • install_dir

    install

  • install_file

    Auto Clicker

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • c1db34e394131c60fe8a4980e0eb1735_JaffaCakes118
    .exe windows:4 windows x86 arch:x86
