General

  • Target

    9438199c375739123b3e83e9b8180745_JaffaCakes118

  • Size

    290KB

  • Sample

    240813-wy9kyaygnf

  • MD5

    9438199c375739123b3e83e9b8180745

  • SHA1

    ac7b9ac26c35428dcffc5043f51f505dd1b5bd12

  • SHA256

    0efd9002f0533238396b56c53f5f971363c9c22e28c968bc5fca848ba4059e19

  • SHA512

    1db1e8a61520db6b899c268c5d0e3f5cf7cd5c659508a8cf9029715d257adf393363fd16f911a741ddce06dae4de80eb2f0639ebadc48d03a38b19c72c6e8145

  • SSDEEP

    6144:ImcD66RRjV5JGmrpQsK3RD2u270jupCJsCxCB:BcD663wZ2zkPaCxG

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima

  • C2

    f6p.no-ip.biz:100

  • Mutex

    ***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    love

  • install_file

    image.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • Target

      9438199c375739123b3e83e9b8180745_JaffaCakes118

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15