General

  • Target

    JaffaCakes118_199dba2c49938033e8108b904a42f1b9

  • Size

    281KB

  • Sample

    250222-ph7m3swpck

  • MD5

    199dba2c49938033e8108b904a42f1b9

  • SHA1

    7ca2a2768788a5342b8b9ecb8c0802d8cfef67a1

  • SHA256

    88276a2f3b9863aeddd518aa3d162032fe3ee6e790f62c2ee366d17e0f9561af

  • SHA512

    5c47371ee9d263d64c261b8689d9e63a287b06447f0e12c042c8a18a3151995d125b0b549a626938068b84bcba73061f448f0b975c5bf9c32a7ca03ae7006b4e

  • SSDEEP

    6144:gScrLK4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij5:xcly78QSVnNyhsFMCeSj5

Malware Config

Extracted

  • Family

    cybergate

  • Version

    v1.18.0 - Crack Version

  • Botnet

    remote

  • C2

    mike2375.no-ip.org:7777

  • Mutex

    0545N754T8346X

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    notepad.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    237566

Targets

    • Target

      JaffaCakes118_199dba2c49938033e8108b904a42f1b9

    Score
    5/10
    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks