General

  • Target

    JaffaCakes118_18481e117edf894504eec1b2be47b352

  • Size

    403KB

  • Sample

    250222-jsmg1atkt5

  • MD5

    18481e117edf894504eec1b2be47b352

  • SHA1

    ff6cc51577ff8f24b91539523c7d77fd18daeede

  • SHA256

    2457e6149fb8fec81c6f40e0c575df1ca1a8bbbc6bc7fb02de427d652aa8dddc

  • SHA512

    733aa74363b8085dc148e4073cc901e599f7df0cf7c2f22b8b5c35aabd3f6043c25d719c04b0aecd9cb5f86adec5ac77db9cf4f1daf3e526874a03c5fa1e664d

  • SSDEEP

    6144:f4ABF94NpAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKxLMGcPJDgUTPkZ5RjHXm7:QU7GLE0kuGnESBqGgiUTMZjXq

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

C2

amjadd.no-ip.biz:676

Mutex

GLATG02612PVJM

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      JaffaCakes118_18481e117edf894504eec1b2be47b352

    • Size

      403KB

    • MD5

      18481e117edf894504eec1b2be47b352

    • SHA1

      ff6cc51577ff8f24b91539523c7d77fd18daeede

    • SHA256

      2457e6149fb8fec81c6f40e0c575df1ca1a8bbbc6bc7fb02de427d652aa8dddc

    • SHA512

      733aa74363b8085dc148e4073cc901e599f7df0cf7c2f22b8b5c35aabd3f6043c25d719c04b0aecd9cb5f86adec5ac77db9cf4f1daf3e526874a03c5fa1e664d

    • SSDEEP

      6144:f4ABF94NpAuO/50BTnqPd0Mpz7qhh4nXjjf8MZ9BKXKxLMGcPJDgUTPkZ5RjHXm7:QU7GLE0kuGnESBqGgiUTMZjXq

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks