cybergate | JaffaCakes118_5fa3560738f5a8115793ed3f6d370beb

General

Target

JaffaCakes118_5fa3560738f5a8115793ed3f6d370beb
Size

74KB
MD5

5fa3560738f5a8115793ed3f6d370beb
SHA1

0d9232961156d1ff39b6ae7d3eea4045ba442d1b
SHA256

c9b8af15a4deecd68a3cef0307731bedf1343530406ea0c3fc34f5cc6654f488
SHA512

498dd8c379ea01c95d88ee06919979ef45c442b114c1b089e6e959f92a3300f567efb21bfcedaa2fc59ca53d957632c9363e413bc19f40aab7a1b00be88608dc
SSDEEP

1536:BuoATp+AW5oUEVWqX6nk59QFAqj4ulqxIl4Zrpg:/ATpuydVEOyqGnlqxIl4ZS

Score

10^/10

hacked cybergate

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

HackeD

C2

adobe.myftp.biz:3021

Mutex

JCU066G7OT228W

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
.//
ftp_interval
5
injected_process
explorer.exe
install_dir
Mircomedia
install_file
Flash.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Syntax Error 98201
message_box_title
Faild
password
2067217

Signatures

Cybergate family
cybergate

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_5fa3560738f5a8115793ed3f6d370beb

Files

JaffaCakes118_5fa3560738f5a8115793ed3f6d370beb
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 54KB - Virtual size: 54KB

DATA Size: 1024B - Virtual size: 572B

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 3KB - Virtual size: 3KB

.rsrc Size: 232KB - Virtual size: 232KB

CODE
Size: 54KB - Virtual size: 54KB

DATA
Size: 1024B - Virtual size: 572B

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 232KB - Virtual size: 232KB