cybergate | fd0a0dcdc95a24d630207b41efee539abc174c675296da030aa4eb82e75ea6f9 | Triage

Sharing

General

Target

JaffaCakes118_2837cc4a4c86a0de6bf94e6ec5ed34dd
Size

224KB
Sample

250125-e6rawswlcy
MD5

2837cc4a4c86a0de6bf94e6ec5ed34dd
SHA1

9113ca139e7131c7d99b836dda8ca465ecedf4ad
SHA256

fd0a0dcdc95a24d630207b41efee539abc174c675296da030aa4eb82e75ea6f9
SHA512

b1811b09eb1eff6e702dc1b9f4b2917f30ef3b78da4fcebdfe780ef8768f3acb0454066e047ae42a9e30110981ff6acbc21f06b33cf4b6803723b6270e5007f2
SSDEEP

6144:RScrLe4mp8D6WGc/YSlIipBReubLzeh7Yy0DMI3:ccxy78QSVnNyhsFMo

Score

10^/10

cybergate testing

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Trial version

Botnet

testing

C2

127.0.0.1:999

killerpayer.no-ip.biz:999

killerpayer.no-ip.biz:8080

Mutex

5Q8D65FICYJWCW

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
System32
install_file
system.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
you are hacked
message_box_title
remote
password
birthy2005
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_2837cc4a4c86a0de6bf94e6ec5ed34dd
- Size
  
  224KB
- MD5
  
  2837cc4a4c86a0de6bf94e6ec5ed34dd
- SHA1
  
  9113ca139e7131c7d99b836dda8ca465ecedf4ad
- SHA256
  
  fd0a0dcdc95a24d630207b41efee539abc174c675296da030aa4eb82e75ea6f9
- SHA512
  
  b1811b09eb1eff6e702dc1b9f4b2917f30ef3b78da4fcebdfe780ef8768f3acb0454066e047ae42a9e30110981ff6acbc21f06b33cf4b6803723b6270e5007f2
- SSDEEP
  
  6144:RScrLe4mp8D6WGc/YSlIipBReubLzeh7Yy0DMI3:ccxy78QSVnNyhsFMo
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

testingcybergate

behavioral1

behavioral2