General
-
Target
fb06e58e8092be47c7f68012c7e5207f_JaffaCakes118
-
Size
274KB
-
Sample
240419-yctnpsde95
-
MD5
fb06e58e8092be47c7f68012c7e5207f
-
SHA1
356d07cfbc87b7d7eb69b7a3b73a0686a40a4807
-
SHA256
ced2339d2b8097fff910cdeeb7e79959c4b60b736f809c17a3c9010c4d262b8e
-
SHA512
0c2b34135b274d10d9749203a099410c138e52e8086c22ef13c9ababead9d7860b780844ac9058c2e5682e83742443fe02bb1502691a88591021a92ba9158152
-
SSDEEP
6144:cMjsrtcPtdPUbYKDXfgttQ6QajohbfmIV5ojC:c8mtcF5UnfgjQ6QajopfmIVKm
Malware Config
Extracted
cybergate
v1.07.5
micro13natural
freefree13.hopto.org:1313
microsoft-corp.myftp.org:1313
U827U0JI5X0C7D
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./result/
-
ftp_interval
20
-
ftp_password
f131313
-
ftp_port
21
-
ftp_server
ftp.drivehq.com
-
ftp_username
greenfreak13
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
Svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
true
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
f131313
Targets
-
-
Target
fb06e58e8092be47c7f68012c7e5207f_JaffaCakes118
-
Size
274KB
-
MD5
fb06e58e8092be47c7f68012c7e5207f
-
SHA1
356d07cfbc87b7d7eb69b7a3b73a0686a40a4807
-
SHA256
ced2339d2b8097fff910cdeeb7e79959c4b60b736f809c17a3c9010c4d262b8e
-
SHA512
0c2b34135b274d10d9749203a099410c138e52e8086c22ef13c9ababead9d7860b780844ac9058c2e5682e83742443fe02bb1502691a88591021a92ba9158152
-
SSDEEP
6144:cMjsrtcPtdPUbYKDXfgttQ6QajohbfmIV5ojC:c8mtcF5UnfgjQ6QajopfmIVKm
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-