General

  • Target

    1d51ccb0f59bffeca96c50c8f479fbd5_JaffaCakes118

  • Size

    296KB

  • Sample

    240702-y6yvhs1hjn

  • MD5

    1d51ccb0f59bffeca96c50c8f479fbd5

  • SHA1

    caf2b96636e128859caa0c136d5f9a877519086a

  • SHA256

    4a22d4854a9361365e20422931fc73717110206e2305514494ea0af0315eb0ec

  • SHA512

    c5768b6bfed12ba4bc4dde9e009f77e845a2c85b2170ccc4fa5d48665dac411f55960713a9057b5f77d3d718b31b3b0f4fe06887a0c2ae3437f1719a624eb7af

  • SSDEEP

    6144:/OpslFlqMhdBCkWYxuukP1pjSKSNVkq/MVJbZ:/wsljTBd47GLRMTbZ

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

r00t

C2

cometa.zapto.org:81

Mutex

IFQQMOG215152B

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    syst.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    t00r

  • regkey_hklm

    HKLM
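
As an added example (not part of the Triage report), the extracted config above turned into host and network detections and run over a handful of Sysmon-style events. Field names follow the Sysmon schema (event 1 process create, 3 network connect, 8 CreateRemoteThread, 11 file create, 22 DNS query); the events themselves, the dropper path and the 203.0.113.7 address are constructed sample data. Two caveats a practitioner should keep in mind: install_flag is false in this build, so the install-file rule is there for the general CyberGate case rather than this sample, and the mutex has no Sysmon event, so it is carried only for memory and EDR triage.

```python
"""Derive detections from the extracted CyberGate config and run them over
Sysmon-style events. The events below are constructed for illustration;
they are not from the sandbox run on this page."""
from __future__ import annotations

import re
from typing import Any

# Values copied from the extracted config on this page.
CONFIG = {
    "c2": "cometa.zapto.org:81",
    "mutex": "IFQQMOG215152B",
    "injected_process": "explorer.exe",
    "install_dir": "install",
    "install_file": "syst.exe",
    "sha256": "4a22d4854a9361365e20422931fc73717110206e2305514494ea0af0315eb0ec",
}


def indicators(cfg: dict[str, str]) -> dict[str, Any]:
    """Normalise config fields into the comparable forms the rules need."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],  # no Sysmon event for this; used in memory/EDR triage
        "inject_target": cfg["injected_process"].lower(),
        "install_suffix": f'{cfg["install_dir"]}\\{cfg["install_file"]}'.lower(),
        "sha256": cfg["sha256"].lower(),
    }


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def match_event(ev: dict[str, Any], ind: dict[str, Any]) -> list[str]:
    """Return the names of the rules one event satisfies."""
    hits = []
    eid = ev.get("EventID")
    if eid == 22 and ev.get("QueryName", "").lower() == ind["c2_host"]:
        hits.append("dns_lookup_of_c2")
    if (eid == 3 and ev.get("DestinationPort") == ind["c2_port"]
            and _basename(ev.get("Image", "")) == ind["inject_target"]):
        # explorer.exe talking to a non-standard port is the injected RAT, not the shell
        hits.append("injected_host_connects_to_c2_port")
    if eid == 8 and _basename(ev.get("TargetImage", "")) == ind["inject_target"]:
        hits.append("remote_thread_into_inject_target")
    if eid == 11 and ev.get("TargetFilename", "").lower().endswith(ind["install_suffix"]):
        hits.append("install_file_dropped")
    if eid == 1:
        m = re.search(r"SHA256=([0-9A-Fa-f]{64})", ev.get("Hashes", ""))
        if m and m.group(1).lower() == ind["sha256"]:
            hits.append("known_sample_hash")
    return hits


def scan(events: list[dict[str, Any]], cfg: dict[str, str] = CONFIG) -> list[tuple[int, str]]:
    """Run every rule over every event; returns (event index, rule name) pairs."""
    ind = indicators(cfg)
    return [(i, rule) for i, ev in enumerate(events) for rule in match_event(ev, ind)]


DROPPER = "C:\\Users\\u\\AppData\\Local\\Temp\\1d51ccb0.exe"  # hypothetical path

SAMPLE_EVENTS = [  # constructed Sysmon-style events, not sandbox output
    {"EventID": 22, "Image": DROPPER, "QueryName": "cometa.zapto.org"},
    {"EventID": 3, "Image": "C:\\Windows\\explorer.exe",
     "DestinationIp": "203.0.113.7", "DestinationPort": 81},
    {"EventID": 8, "SourceImage": DROPPER, "TargetImage": "C:\\Windows\\explorer.exe"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": "C:\\Windows\\install\\syst.exe"},
    {"EventID": 1, "Image": DROPPER,
     "Hashes": "MD5=1d51ccb0f59bffeca96c50c8f479fbd5,SHA256=" + CONFIG["sha256"].upper()},
    {"EventID": 3, "Image": "C:\\Program Files\\Browser\\browser.exe",
     "DestinationIp": "198.51.100.5", "DestinationPort": 443},
    {"EventID": 22, "Image": "C:\\Program Files\\Browser\\browser.exe",
     "QueryName": "example.com"},
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The port rule is deliberately tied to the injected host process: port 81 on its own is far too noisy, but explorer.exe opening outbound connections to a non-standard port is a strong signal for a RAT that injects into it. If the dynamic DNS name changes, the remote-thread and install-file rules still hold.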

Targets

    • Target

      1d51ccb0f59bffeca96c50c8f479fbd5_JaffaCakes118

    • CyberGate, Rebhip

      CyberGate (also tracked as Rebhip) is a Delphi-based remote access trojan marketed as a "remote administration tool". This build enables the keylogger, injects into explorer.exe and carries an FTP log-upload path (disabled here); its C2, mutex and password are listed in the extracted config above.

    • Checks computer location settings

      Reads the country code stored in the registry (typically HKCU\Control Panel\International\Geo\Nation), a common geofencing check used to avoid running in unwanted regions.

    • UPX packed file

      The executable is packed with UPX (stock or a modified build), so the original strings and imports are hidden until it is unpacked; config extraction has to run on the unpacked payload.
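
How the stock-UPX part of that check works, as an added example rather than Triage's own detection logic: walk the PE headers to the section table and look for the UPX0/UPX1 section names, and look for the "UPX!" magic that an unmodified UPX writes in front of the packed data. The two PE images are built in memory for illustration and are not the sample on this page.

```python
"""Check a PE image for the traces that give away stock UPX packing: the
UPX0/UPX1 section names and the "UPX!" magic UPX writes before the packed
data. The PE images below are constructed minimal skeletons, not the
sample from this page."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)    # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]           # IMAGE_SECTION_HEADER.Name
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Both signals stock UPX leaves behind; a modified build may strip either."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n in UPX_SECTION_NAMES],
        "upx_magic": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_pe(section_names, opt_size=0xE0) -> bytes:
    """Constructed minimal PE32 skeleton: just enough headers for the walker."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(
        struct.pack("<8sIIII16x", n.encode("ascii"), 0, 0, 0, 0) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + sections


PACKED_SAMPLE = build_pe(["UPX0", "UPX1", ".rsrc"])   # constructed, mimics stock UPX layout
PLAIN_SAMPLE = build_pe([".text", ".data", ".rsrc"])  # constructed, ordinary layout

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, pe_section_names(img), upx_indicators(img), looks_upx_packed(img))
```

Modified UPX builds commonly rename the sections and patch out the magic, which is why a sandbox's "modified UPX" verdict leans on further evidence (section entropy, the decompression stub at the entry point) that this example does not attempt.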
