General

  • Target

    JaffaCakes118_7fa0dc12c7f0834211461a97d01b3149

  • Size

    284KB

  • Sample

    250116-xx45havlct

  • MD5

    7fa0dc12c7f0834211461a97d01b3149

  • SHA1

    688f6512847b2666bf5dc9ffe97bfde3fc5f1b13

  • SHA256

    194b2ee9e5f67095dad9f585f5216b5f002e49b67e4dd892be450e655b133924

  • SHA512

    a5ffd78898635617eeedc4ba1ce545a539a761689880a605a01681a69a278bc27f7550261eb5c7fa0198d7bdb06e65428b7aa494830dbe166e19756c05ec7e31

  • SSDEEP

    6144:Pk4qmhmL3fr+qEvNLcYfX8Mzw959EYrCrj/+eyoezHj:8926fiqEyss5Lro8oy

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima (Portuguese: "victim")

  • C2

    127.0.0.1:81

  • Mutex

    ***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem (Portuguese: "message text")

  • message_box_title

    título da mensagem (Portuguese: "message title")

  • password

    abcd1234
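The extracted configuration above is what an analyst turns into indicators, but two of its values should not be used blindly: 127.0.0.1 is the loopback address, so this build has no reachable remote controller and the C2 entry is not a usable network indicator, and ***MUTEX*** reads as an unedited placeholder that is likely shared by unrelated builds. The Python script below is an added example, not part of the original report or of the sandbox's extractor. It loads the page's values (field names taken from the report, transcribed by hand), classifies the C2 endpoint with the standard-library ipaddress module, records the findings just described, and derives a hunt list; the keylogger finding follows from enable_keylogger being true while keylogger_enable_ftp is false.

```python
import ipaddress

# Values transcribed from the extracted CyberGate config on this page.
CONFIG = {
    "family": "cybergate",
    "version": "2.6",
    "botnet": "vítima",
    "c2": ["127.0.0.1:81"],
    "mutex": "***MUTEX***",
    "password": "abcd1234",
    "enable_keylogger": True,
    "keylogger_enable_ftp": False,
    "ftp_directory": "./logs/",
    "ftp_interval": 30,
    "injected_process": "explorer.exe",
    "install_flag": True,
    "install_dir": "install",
    "install_file": "server.exe",
}


def parse_c2(entry):
    """Split 'host:port' into (host, port); port is 0 when absent."""
    host, sep, port = entry.rpartition(":")
    if not sep:
        return entry, 0
    return host, int(port)


def classify_host(host):
    """Classify a C2 host so non-routable endpoints are not treated as live IOCs."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # domain name: resolve before blocking
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    if ip.is_global:
        return "public"
    return "reserved"


def triage(cfg):
    """Return C2 classification, analyst findings and a hunt list for the config."""
    c2, findings = [], []
    for entry in cfg["c2"]:
        host, port = parse_c2(entry)
        kind = classify_host(host)
        c2.append({"host": host, "port": port, "kind": kind})
        if kind == "loopback":
            findings.append(f"C2 {entry} is loopback: this build cannot beacon to a "
                            "remote controller; do not use it as a network indicator")
        elif kind == "private":
            findings.append(f"C2 {entry} is non-global address space: only meaningful "
                            "inside the victim network")
    if cfg["mutex"].strip("*") == "MUTEX":
        findings.append("mutex is an unedited placeholder: expect it to be shared "
                        "across unrelated samples")
    if cfg["enable_keylogger"] and not cfg["keylogger_enable_ftp"]:
        findings.append("keylogger enabled but FTP upload is off: ftp_directory and "
                        "ftp_interval are inert and logs are not exfiltrated over FTP")
    hunt = {
        "mutex": cfg["mutex"],
        "process": cfg["injected_process"],            # injection target
        "file": f"{cfg['install_dir']}\\{cfg['install_file']}" if cfg["install_flag"] else None,
        "network": [f"{c['host']}:{c['port']}" for c in c2 if c["kind"] == "public"],
    }
    return {"c2": c2, "findings": findings, "hunt": hunt}


if __name__ == "__main__":
    result = triage(CONFIG)
    for f in result["findings"]:
        print("finding:", f)
    print("hunt:", result["hunt"])
```

The hunt list deliberately leaves "network" empty for this sample: the only endpoint is loopback. The file entry is a path fragment (install\server.exe), not a full path, because the report does not say which base directory CyberGate installs under.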

Targets

    • Target

      JaffaCakes118_7fa0dc12c7f0834211461a97d01b3149


    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
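The UPX signature above fires on the packer's footprint in the PE image. The Python check below is an added example, not the sandbox's signature logic; it shows the two cheapest heuristics, the UPX0/UPX1 section names read from the section table and the "UPX!" marker string, and reports a verdict of "upx" when both are present, "upx-modified" when only one is, and "not-upx" otherwise. build_pe() constructs a header-only PE32 fixture (not a real binary) so the check runs offline; a modified UPX build that renames its sections and strips the marker defeats both heuristics, which is why this is a first-pass check and not a replacement for unpacking.

```python
import struct

COFF_HEADER_SIZE = 20        # IMAGE_FILE_HEADER
SECTION_HEADER_SIZE = 40     # IMAGE_SECTION_HEADER
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def section_names(pe: bytes):
    """Walk the DOS/PE headers and return section names in table order."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + COFF_HEADER_SIZE + size_opt
    names = []
    for i in range(nsections):
        off = table + i * SECTION_HEADER_SIZE
        raw = pe[off:off + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.split(b"\x00", 1)[0].decode("ascii", "replace"))
    return names


def detect_upx(pe: bytes):
    """Cheap UPX heuristics: section names and the 'UPX!' marker."""
    names = section_names(pe)
    by_name = bool(UPX_SECTION_NAMES & set(names))
    by_marker = b"UPX!" in pe
    if by_name and by_marker:
        verdict = "upx"
    elif by_name or by_marker:
        verdict = "upx-modified"     # one signal removed or renamed
    else:
        verdict = "not-upx"
    return {"sections": names, "upx_sections": by_name,
            "upx_marker": by_marker, "verdict": verdict}


def build_pe(names, tail=b""):
    """Constructed minimal PE32 image for testing: headers only, no code."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    size_opt = 0xE0                       # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")
    table = b"".join(n.encode("ascii").ljust(8, b"\x00") + b"\x00" * 32 for n in names)
    return dos + b"PE\x00\x00" + coff + opt + table + tail


if __name__ == "__main__":
    packed = build_pe(["UPX0", "UPX1", ".rsrc"], tail=b"\x00UPX!\x00")
    print(detect_upx(packed))
    print(detect_upx(build_pe([".text", ".data", ".rsrc"])))
```

On a real file, pass the bytes read from disk to detect_upx(); the section walk tolerates any optional-header size because it reads SizeOfOptionalHeader rather than assuming PE32 or PE32+.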

MITRE ATT&CK Enterprise v15
