General

  • Target

    03b3fcef4b52ab953108416f3a69e284_JaffaCakes118

  • Size

    281KB

  • Sample

    240622-yh9l4ssbpf

  • MD5

    03b3fcef4b52ab953108416f3a69e284

  • SHA1

    0c387492f293875cbbce85dc4f032d2adfc3a7be

  • SHA256

    dcae1f280d0fcd41f273126c162398e3be55050b50ad24fc84a9dc2264d911f8

  • SHA512

    b5ced45fc625692a8f83a0987605f918d7e3d65f943aabbc35fde58629d37b9f6aa834730554a29b05bfad2717dddfe2f7567bfc82f41bbf12ab2571ad92f2c8

  • SSDEEP

    6144:dScrLF4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijk:ociy78QSVnNyhsFMCeSjk

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Trial version

Botnet

Andrax03-16-12

C2

gp1990.no-ip.org:1990

Mutex

Q00W3PR166L34H

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Winzip

  • install_file

    Windll.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    gp161990

  • regkey_hkcu

    Windll

  • regkey_hklm

    Windll

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

MITRE ATT&CK Matrix

Tasks