General
-
Target
JaffaCakes118_6c72142fd760c8887044c59080e95ab0
-
Size
442KB
-
MD5
6c72142fd760c8887044c59080e95ab0
-
SHA1
8a44b73d57674a4aafff3afb97bf8096c6fff174
-
SHA256
a732c9401f345ac8f9c7c289037edeb3a70692303af4c6a4e037d5ff8bf7fadb
-
SHA512
e89e962b1505f6adae3c480ab215c71206a13aeb0e6587af8f5a308f1176044b8397d738a56de5e1b6e75de95e7cada61b25e9ab937e01b0b681bd53e8633ade
-
SSDEEP
6144:Ypwcc0wKugqw5gCxq85WWfRi42sEeNw/SE5O63xRnw9Id0qnN/SDc3X7:YpaMnvbtIW843EeNESCNw9Id0A/SDc
Score
10/10
Malware Config
Extracted
Family
cybergate
Version
2.7 Beta 02
Botnet
vítima
C2
127.0.0.1:81
Mutex
***MUTEX***
Attributes
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
ftp_password
ª÷Öº+Þ
-
ftp_port
21
- ftp_server
-
ftp_username
ftp_user
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Signatures
-
Cybergate family
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
JaffaCakes118_6c72142fd760c8887044c59080e95ab0
Headers
Sections
-
out.upx
Headers
Sections