cybergate | 838223b38a310da87eb5c5601e9f2c2ce5ccea4f31e52ad724368730ef9c89eb | Triage

Sharing

General

Target

JaffaCakes118_632d8fb50160d2baf2b9d3bfb7051853
Size

283KB
Sample

250102-g3keaaxnct
MD5

632d8fb50160d2baf2b9d3bfb7051853
SHA1

9761d966c931867235457440b2c587c2a371c096
SHA256

838223b38a310da87eb5c5601e9f2c2ce5ccea4f31e52ad724368730ef9c89eb
SHA512

9bfbc6e122afddcc67180bed05fe3f8e85dc60caffe15835a7a3ee16544347b7292f0fe940da5e8c3bdc42f80082fc0cd0abbd89d4aa6f4f51b794f56456ddc4
SSDEEP

6144:jmcD66uTjt5JGmrpQsK3RD2u270jupCJsCxCM:acD66U4Z2zkPaCxD

Score

10^/10

cybergate vítima discovery

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

dexterandnexter01.no-ip.org:81

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
spynet
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
1111
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_632d8fb50160d2baf2b9d3bfb7051853
- Size
  
  283KB
- MD5
  
  632d8fb50160d2baf2b9d3bfb7051853
- SHA1
  
  9761d966c931867235457440b2c587c2a371c096
- SHA256
  
  838223b38a310da87eb5c5601e9f2c2ce5ccea4f31e52ad724368730ef9c89eb
- SHA512
  
  9bfbc6e122afddcc67180bed05fe3f8e85dc60caffe15835a7a3ee16544347b7292f0fe940da5e8c3bdc42f80082fc0cd0abbd89d4aa6f4f51b794f56456ddc4
- SSDEEP
  
  6144:jmcD66uTjt5JGmrpQsK3RD2u270jupCJsCxCM:acD66U4Z2zkPaCxD
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

vítimacybergate

behavioral1

behavioral2