General

  • Target

    JaffaCakes118_0cfd51831bd21b8f24e23c44f53a5f50

  • Size

    259KB

  • Sample

    250220-t9bf6szjfw

  • MD5

    0cfd51831bd21b8f24e23c44f53a5f50

  • SHA1

    88396640c3019a7f7b9cc81c8d74896a270d0583

  • SHA256

    839549059ae9be3a819d1fce0848963b6b6bd742dfb678feec0d0e4eb361f278

  • SHA512

    84e65d9460cd023e2004ef59e5b21e531295b3ffb4652fdc5395bb4916871102770574ec78f6f039ca186d37dd817942472db5e43f1475f1c0829f994d4ea008

  • SSDEEP

    6144:lmcD66RRjE5JGmrpQsK3RD2u270jupCJsA:AcD663RZ2zkPaA

Score
10/10

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

remote

C2

uomoombra.no-ip.biz:7800

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    winupdate.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    123

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      JaffaCakes118_0cfd51831bd21b8f24e23c44f53a5f50

    • Size

      259KB

    • MD5

      0cfd51831bd21b8f24e23c44f53a5f50

    • SHA1

      88396640c3019a7f7b9cc81c8d74896a270d0583

    • SHA256

      839549059ae9be3a819d1fce0848963b6b6bd742dfb678feec0d0e4eb361f278

    • SHA512

      84e65d9460cd023e2004ef59e5b21e531295b3ffb4652fdc5395bb4916871102770574ec78f6f039ca186d37dd817942472db5e43f1475f1c0829f994d4ea008

    • SSDEEP

      6144:lmcD66RRjE5JGmrpQsK3RD2u270jupCJsA:AcD663RZ2zkPaA

    Score
    1/10

MITRE ATT&CK Matrix

Tasks