General

  • Target

    925ae04b651c01fafa81f39ef002e1e9_JaffaCakes118

  • Size

    2.3MB

  • Sample

    240813-kmxw8atfpc

  • MD5

    925ae04b651c01fafa81f39ef002e1e9

  • SHA1

    1957e35c1039abd38dbfc79e6c943ccd4e69d986

  • SHA256

    8ae8ae4fd076242ba7cf519f617423febac1499553b54a6965e826dcb7e049ae

  • SHA512

    18235f9ff26b6c1e803c49daf2d0242d2aef03fa6eae7d1d385b9ef46fb0a11a3b781a830db53b3d53f8652a06f41f58f4f7c740c320933803879bd6a9d34a07

  • SSDEEP

    768:Tl03Ea2yGzpQ38zVoaH/CuJImdfNgHtAVN1hQKOAJZOJbdkf:Tl00agNQGflImdfNeAVNrOAJZOJZU

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15