General

  • Target

    40bfb104db77a3149debd297969ad74d_JaffaCakes118

  • Size

    290KB

  • Sample

    240713-jcmg3a1hnl

  • MD5

    40bfb104db77a3149debd297969ad74d

  • SHA1

    4d120ff9ea5c767b6ea826e12bae4b35c431e416

  • SHA256

    b7857fed1bca505591aaed522a0bdb1f28607a38423a4ce2ac58e784f520afa4

  • SHA512

    6d6191ca6f1afef7e6e205d16cc032a8e76045882ddedfddb9f67a19308ced9f81fb5d581852abdfd5290a3a739c6aec551857ff32402e85c59c92e041e15873

  • SSDEEP

    6144:lhcD6zQAjP5JGmrpQsK3RD2u270jucCJsCxCU:PcD6zluZ2zkwaCxZ

Targets

    • CyberGate, Rebhip

      CyberGate is a remote access trojan (RAT) that its authors market as a lightweight remote administration tool; it offers a wide array of functionality (remote shell, file management, keylogging, screen and webcam capture). Rebhip is a detection name some AV vendors apply to the same family.

    • Adds policy Run key to start application

      Writes a value under ...\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. Entries there are launched at logon like ordinary Run-key entries but are missed by tooling that only enumerates Run and RunOnce.

    • Boot or Logon Autostart Execution: Active Setup (T1547.014)

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine: a subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID> whose StubPath value is executed once for each user at their next logon.

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's International settings), likely a geofence so the payload only runs in chosen regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified UPX build (open-source packer). The sample must be unpacked before static analysis; a modified header or section names can defeat the stock `upx -d`, so treat a failed unpack as a sign of tampering rather than a false positive.

    • Adds Run key to start application (T1547.001)

      Writes a value under HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run so the payload is launched at every logon.

    • Drops file in System32 directory

      Writes a file into %SystemRoot%\System32, which on a default install requires administrator rights and lets the payload blend in with operating-system binaries.
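
      The following is an added triage helper, not code from this report or from the CyberGate family. It covers two of the signatures above: the autostart registry locations (Run key, policy Run key, Active Setup StubPath) and the UPX section-name check. The `.reg`-style export text and the PE header buffer are constructed sample data; the drop path under `system32\install` is a hypothetical location chosen for the example, not one the report states.

```python
import re
import struct

# --- Part 1: autostart registry triage -------------------------------------

# Constructed sample in .reg export syntax (assumption: output of `reg export`
# for the relevant keys). The system32\install path is hypothetical.
SAMPLE_REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"HKCU"="C:\\Windows\\system32\\install\\server.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"="C:\\Windows\\system32\\install\\server.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-1111-2222-3333-444444444444}]
"StubPath"="C:\\Windows\\system32\\install\\server.exe Restart"
"IsInstalled"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
STR_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def classify_key(key):
    """Map a registry key path to the autostart technique it belongs to,
    or None if it is not one of the three locations the report flags."""
    k = key.lower()
    if k.endswith('\\policies\\explorer\\run'):
        return 'policy Run key'
    if k.endswith('\\currentversion\\run') or k.endswith('\\currentversion\\runonce'):
        return 'Run key'
    if '\\active setup\\installed components\\' in k:
        return 'Active Setup'
    return None


def find_autostarts(reg_export):
    """Walk a .reg export and return (technique, key, value_name, command)
    for every string value that would be executed at boot or logon."""
    findings = []
    current = None
    for line in reg_export.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = STR_VALUE_RE.match(line)
        if not (m and current):
            continue  # blank line, dword value, or value outside any key
        technique = classify_key(current)
        if technique is None:
            continue
        # .reg escapes backslashes as \\ ; restore the on-disk path
        name, data = m.group(1), m.group(2).replace('\\\\', '\\')
        # Active Setup only executes StubPath; IsInstalled etc. are metadata
        if technique == 'Active Setup' and name.lower() != 'stubpath':
            continue
        findings.append((technique, current, name, data))
    return findings


# --- Part 2: UPX section-name check on PE headers ---------------------------

UPX_SECTION_NAMES = {b'UPX0', b'UPX1', b'UPX2', b'.UPX0', b'.UPX1'}


def pe_section_names(data):
    """Return the section names of a PE image, or [] if the headers don't parse."""
    if len(data) < 0x40 or data[:2] != b'MZ':
        return []
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        return []
    num_sections, = struct.unpack_from('<H', data, e_lfanew + 6)
    opt_size, = struct.unpack_from('<H', data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # signature(4) + COFF header(20) + optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b'\0'))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1; a modified build may rename them,
    so a negative here does not prove the file is unpacked."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_min_pe(section_names, opt_header_size=224):
    """Construct a header-only PE buffer (constructed test data, not a real binary)."""
    e_lfanew = 0x80
    dos = bytearray(b'MZ' + b'\0' * (e_lfanew - 2))
    struct.pack_into('<I', dos, 0x3C, e_lfanew)
    coff = struct.pack('<HHIIIHH', 0x14C, len(section_names), 0, 0, 0, opt_header_size, 0x102)
    sections = b''.join(n.ljust(8, b'\0') + b'\0' * 32 for n in section_names)
    return bytes(dos) + b'PE\0\0' + coff + b'\0' * opt_header_size + sections


if __name__ == '__main__':
    for technique, key, name, cmd in find_autostarts(SAMPLE_REG_EXPORT):
        print(f'[{technique}] {key}\\{name} -> {cmd}')
    print('UPX sections present:', looks_upx_packed(build_min_pe([b'UPX0', b'UPX1', b'.rsrc'])))
```

      Against a live host, replace `SAMPLE_REG_EXPORT` with the output of `reg export` for HKCU and HKLM, and feed `looks_upx_packed` the bytes of each dropped executable; anything launched from `System32` that is not a Microsoft-signed binary deserves a closer look.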

MITRE ATT&CK Enterprise v15