cybergate | 2e8d40c7d455cc7c5bc120ce1d56be56c8645b30d3c603b444f874e003575690 | Triage

Sharing

General

Target

JaffaCakes118_16d1577679d1b3f28d34a1e71b43bc54
Size

174KB
Sample

250222-ddrkhsxjdm
MD5

16d1577679d1b3f28d34a1e71b43bc54
SHA1

ac68348cd44e2f129a9394702e5bd9d1c875f049
SHA256

2e8d40c7d455cc7c5bc120ce1d56be56c8645b30d3c603b444f874e003575690
SHA512

cbee555b4facf886ca3b4e5b92743330deb504a51349bcb9b3300f3ab96e3251fd2766a28d5db133a6e1f58ba2fd64bd5856a8a07b02abcd67e705a70ed6f6c2
SSDEEP

3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0I:POpslFlqbhdBCkWYxuukI

Score

10^/10

cybergate dylan

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Dylan

C2

dyland.no-ip.biz:82

Mutex

6V3A2A2JL2BQN1

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_16d1577679d1b3f28d34a1e71b43bc54
- Size
  
  174KB
- MD5
  
  16d1577679d1b3f28d34a1e71b43bc54
- SHA1
  
  ac68348cd44e2f129a9394702e5bd9d1c875f049
- SHA256
  
  2e8d40c7d455cc7c5bc120ce1d56be56c8645b30d3c603b444f874e003575690
- SHA512
  
  cbee555b4facf886ca3b4e5b92743330deb504a51349bcb9b3300f3ab96e3251fd2766a28d5db133a6e1f58ba2fd64bd5856a8a07b02abcd67e705a70ed6f6c2
- SSDEEP
  
  3072:PATpuydVEOyqGnlqxIl4ZgBKhdOhbYCkW7E/Zuuke0I:POpslFlqbhdBCkWYxuukI
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2