cybergate | JaffaCakes118_6f178714e36cb29185aad0b2432b7855

General

Target

JaffaCakes118_6f178714e36cb29185aad0b2432b7855
Size

287KB
MD5

6f178714e36cb29185aad0b2432b7855
SHA1

25a1eb36efc78f080e1f27147e529bd9a6c18cff
SHA256

1c3e728c18c4d0fd11e2db692d113515d428ee5ea5e5b1ef6f116656895e7c2d
SHA512

b1abb233f1217dda772597f6e82931496b9495b34e902b5d343a9d211b6b380b0710bf68820aa0fa91872e56ad851af9a51b1a8902017746e7f5b069fc4f532f
SSDEEP

6144:+mcD66RRjX5JGmrpQsK3RD2u270jupCJsCxC/:7cD663mZ2zkPaCxU

Score

10^/10

photo cybergate

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

photo

C2

dimkinfunnypics.zapto.org:3128

dimkinfunnypics.zapto.org:80

dimkinfunnypics.zapto.org:81

dimkinfunnypics.zapto.org:8080

dimkinfunnypics.zapto.org:25

dimkinfunnypics.zapto.org:110

Mutex

*3e4f67G*MUTEX*44h86hjY7*

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./public_html/logs/
ftp_interval
60
ftp_password
otz6j33t
ftp_port
21
ftp_server
funnypics.hop.ru
ftp_username
w376023
injected_process
explorer.exe
install_file
kernel32.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
-666+
regkey_hkcu
kernel32.exe
regkey_hklm
kernel32.exe

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_6f178714e36cb29185aad0b2432b7855

Files

JaffaCakes118_6f178714e36cb29185aad0b2432b7855
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 234KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 44KB - Virtual size: 44KB

DATA Size: 1024B - Virtual size: 544B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 2KB

.rsrc Size: 234KB - Virtual size: 233KB

CODE
Size: 44KB - Virtual size: 44KB

DATA
Size: 1024B - Virtual size: 544B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 234KB - Virtual size: 233KB