General

  • Target: 8cb87060d6eea262824ab86867bdf6d4_JaffaCakes118
  • Size: 667KB
  • Sample: 240812-bh19eayamk
  • MD5: 8cb87060d6eea262824ab86867bdf6d4
  • SHA1: aba3db1db01b033a1f3ebaae3906265b55db5c58
  • SHA256: 7eb34839917c66129a5e38f8f8a9d027dce28a8e1a1c0ebc4ffef4c520bce8cd
  • SHA512: 448dff37cced428d13eb88e0df8110399287dc9c7977c305f29892590b371e4b927734e836ef4e05f356cd92bc133c575269d216c7de69f309cff0876d958dd5
  • SSDEEP: 12288:ESK4U2UPvfJlq1eMptmOMWGKayr2vzcUkUq4RHhHUryG8jz5FHp3ExH2:Er4uXhOeMpYpWpaShBMB0uHrBCW

Malware Config

Extracted

  • Family: cybergate
  • Version: 2.7 Final
  • Botnet: vítima
  • C2: ahmedahmed.no-ip.info:82
  • Mutex: ***MUTEX***

Attributes

  • enable_keylogger: true
  • enable_message_box: false
  • ftp_directory: ./logs/
  • ftp_interval: 30
  • injected_process: explorer.exe
  • install_dir: install
  • install_file: server.exe
  • install_flag: true
  • keylogger_enable_ftp: false
  • message_box_caption: texto da mensagem
  • message_box_title: título da mensagem
  • password: abcd1234

Targets

    • Target: 8cb87060d6eea262824ab86867bdf6d4_JaffaCakes118


    • CyberGate, Rebhip: CyberGate is a lightweight remote administration tool with a wide array of functionalities.
    • Suspicious use of SetThreadContext
