General
-
Target
6bc6080027745ff667dea0100b4c1a40_JaffaCakes118
-
Size
1.3MB
-
Sample
240523-wf2glsba4z
-
MD5
6bc6080027745ff667dea0100b4c1a40
-
SHA1
5b94a0eb93df223e4579ac14aaf4144a7ef18e6a
-
SHA256
7c99c3ba63e62169c9604b3673aad85223c452b42a2b5eabe8e66211568466f0
-
SHA512
8bd616927b7517060170382bb8de806ca6186968b7498e0e7c733dc636b2816a41836115fb72feba95b2324486e413becdcd10d98a3fa191777f4ce30fe73015
-
SSDEEP
3072:b2cNXLC3FLJHnVqVKIaa88rc/VVwwyIdVAVI2QRZQR001Ig5/JlUF8/CSNJuiMic:bVm9gcEH5GEf1xx4T
Malware Config
Extracted
cybergate
2.6
vítima
younesstop1.zapto.org:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Extracted
latentbot
younesstop1.zapto.org
Targets
-
-
Target
6bc6080027745ff667dea0100b4c1a40_JaffaCakes118
-
Size
1.3MB
-
MD5
6bc6080027745ff667dea0100b4c1a40
-
SHA1
5b94a0eb93df223e4579ac14aaf4144a7ef18e6a
-
SHA256
7c99c3ba63e62169c9604b3673aad85223c452b42a2b5eabe8e66211568466f0
-
SHA512
8bd616927b7517060170382bb8de806ca6186968b7498e0e7c733dc636b2816a41836115fb72feba95b2324486e413becdcd10d98a3fa191777f4ce30fe73015
-
SSDEEP
3072:b2cNXLC3FLJHnVqVKIaa88rc/VVwwyIdVAVI2QRZQR001Ig5/JlUF8/CSNJuiMic:bVm9gcEH5GEf1xx4T
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Adds policy Run key to start application
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-