General

  • Target

    062eb3df240a90a6da52b3d40293ed6f_JaffaCakes118

  • Size

    464KB

  • Sample

    240620-p52ekssfnn

  • MD5

    062eb3df240a90a6da52b3d40293ed6f

  • SHA1

    7398a746f66fbe8b46904763edf25c97130f0ae7

  • SHA256

    af6c6a26403d16540f3dbdc372d5846b2d29fa372128b105a9f93c4645acf255

  • SHA512

    140b45a235c405d0e0b2a89bd3c813b4b6deeb8db6096bbd489948d870200a9e3fb5df317b99c289e78272430a206d7c59374d6875b06c8983d37651da89f393

  • SSDEEP

    12288:1lXw4Pm/1RJ3EWDwMQAYAsrC7rRjZRRskJi8kTPq:1N9PK0WDvvssZv

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry (3 events): T1012

  • System Information Discovery (4 events): T1082
