Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...05.exe

windows7-x64

10

JaffaCakes...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_061b02d17fe404e0a5a541c6d8a34905

  • Size

    311KB

  • MD5

    061b02d17fe404e0a5a541c6d8a34905

  • SHA1

    3de42bcc7ab290ab4f7e3e03776cf4f4e3d56a45

  • SHA256

    4bd44d249da43af87c6a49b9528e80bc7cfbfc1d797d190d8b2a506c7f4c88d2

  • SHA512

    fb0d167c90f12de6730aabfbee2a4b3aaa5018d4cb050d59bbfc075cee6aceda95e7721455e12694a9a33203dddc9ddb04189e79230c58481f0e58ba3b96fa71

  • SSDEEP

    6144:zy+phqLAasWFTwlTLfkixFUQKf3D7TnBAZ5qhbx0:e+pnW0lYixsfvDBAzK90

Score
10/10
miyukihfcybergate

Malware Config

Extracted

Family

cybergate

Version

v1.11.0 - Public Version

Botnet

miyukihf

C2

miyukih.no-ip.info:999

Mutex

0L3B641UAU42W3

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Guten Tag Kamerad!

  • message_box_title

    CyberGate

  • password

    combat18

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • Cybergate family
    cybergate
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_061b02d17fe404e0a5a541c6d8a34905
    .exe windows:4 windows x86 arch:x86


    Headers

    Sections