General

  • Target

    9efe3ade1e594d657d642ce0d60c9ef0_JaffaCakes118

  • Size

    312KB

  • Sample

    240816-s9nk3atale

  • MD5

    9efe3ade1e594d657d642ce0d60c9ef0

  • SHA1

    05bf54d02266e1f2f7eaffdd5ce84a04619deca0

  • SHA256

    1f386f5b5599020748250827524cab302e579cb6b40f618ce475d93188080eef

  • SHA512

    9d5a54d204f1eda51f11029186aba17119e6b7a9a73595a083ec9ddac7e1dc06c609a9eb1598477dde7f3c0d810e058fc73dcd5317a15c128da25c0f7342b8c9

  • SSDEEP

    6144:3/gu9KW8BATJXGm3xogV1GU/P/kGDWCIS4yVQmzb:3/jKW1TtGkz3kO94yQ2

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima

  • C2

    127.0.0.1:81

  • Mutex

    ***MUTnmnEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    instig

  • install_file

    Wildfer.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks