General

  • Target

    22ffde7443bb0485b7849f416ad1884a_JaffaCakes118

  • Size

    712KB

  • Sample

    240703-tprmnaygpe

  • MD5

    22ffde7443bb0485b7849f416ad1884a

  • SHA1

    3134aa8774d151b61af95d8b20f20ee53b65acbd

  • SHA256

    d9a841792f06e80076ad2420ea54709feb8b97d7cd39f91b079acbb89278c868

  • SHA512

    15031bcbcd3fea6b16daa44de1a5eea0c6bc586437300eb6e0e4ed34a8fe2a4bf8891a12b3f722ee7e03e57a6e17960dea29e300b52caf5d94435e37f22ec609

  • SSDEEP

    12288:HRFj6hNtXwLWw3SBlnqUtL9+y0w5Mw7eB1xooSGAusOyXEj1DuDSjt:qhNtXwLW0mq+owWw7DolAuhgEj1DuGB

Malware Config

Extracted

Family

latentbot

C2

houssamreckless.zapto.org

Targets

    • Target

      22ffde7443bb0485b7849f416ad1884a_JaffaCakes118

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Molebox Virtualization software

      Detects file using Molebox Virtualization software.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks