General

  • Target

    a10b2aa6a8da849edf2a78b3b197702e_JaffaCakes118

  • Size

    876KB

  • Sample

    240817-d3mmvsyakj

  • MD5

    a10b2aa6a8da849edf2a78b3b197702e

  • SHA1

    68ea29a0a8c4e52cc6d4d18f1e261a0b53de9e80

  • SHA256

    6ae9d83df6f977210400d26f505b99a7830061ed5dce410bbaa3727b4c388297

  • SHA512

    d76c716237fb12f5c7cb2511e88ba69c6999032e46db592a790965504e460d5716a938adfa385b63d64722307baf755761edd6376ff61620851db5d587b11f8a

  • SSDEEP

    24576:rdit9puhILH8v+fq/VZ/atb4okr3fO2NjyklnAIacw2:0t9Ouq/3/Sb4oY32GZAIacw2
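Before working from a report like this one, confirm that the file on your bench is the same sample the sandbox analysed. The following script is an added example and not part of the report: it recomputes the four digests listed above and compares them with the reported values. The `REPORTED` table is copied from this page; the `verify_sample` path argument is whatever local copy you hold.

```python
import hashlib
import sys
from pathlib import Path

# Digests as listed in the sandbox report for this sample (copied from the page).
REPORTED = {
    "md5": "a10b2aa6a8da849edf2a78b3b197702e",
    "sha1": "68ea29a0a8c4e52cc6d4d18f1e261a0b53de9e80",
    "sha256": "6ae9d83df6f977210400d26f505b99a7830061ed5dce410bbaa3727b4c388297",
    "sha512": "d76c716237fb12f5c7cb2511e88ba69c6999032e46db592a790965504e460d5716a938adfa385b63d64722307baf755761edd6376ff61620851db5d587b11f8a",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def compare_with_report(hashes: dict, reported: dict = REPORTED) -> dict:
    """Return {algorithm: matched?} for each algorithm in the report.

    One mismatch is enough to reject the file: either it is not the analysed
    sample (a repacked or truncated copy, for instance) or a hash was mistyped.
    """
    return {
        algo: hashes.get(algo, "").lower() == reported[algo].lower()
        for algo in reported
    }


def verify_sample(path: str, reported: dict = REPORTED) -> bool:
    """Hash a local file and report per-algorithm agreement with the sandbox."""
    result = compare_with_report(hash_bytes(Path(path).read_bytes()), reported)
    for algo, ok in result.items():
        print(f"{algo:6s} {'match' if ok else 'MISMATCH'}")
    return all(result.values())


if __name__ == "__main__":
    # Usage: python verify.py <path-to-sample>
    sys.exit(0 if verify_sample(sys.argv[1]) else 1)
```

SSDEEP is deliberately left out: it is a similarity hash, so "match" is a score rather than a yes/no, and it needs the `ssdeep` extension module. Use it to find related builds, not to prove identity.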

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima (Portuguese for "victim")

C2

meddasdomain.zapto.org:288

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    comandll

  • install_file

    comandll.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    application install cam Chat merci

  • message_box_title

    CamChat 6.2.1

  • password

    abcd1234

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM
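The extracted configuration is the most useful part of the report for defenders: it names the C2 endpoint, the mutex, the install directory and file name, the process the payload injects into, and the hives used for persistence. The script below is an added example, not part of the sandbox output, that turns those values into indicators and checks them against a few constructed, EDR-style telemetry records. Everything in `EVENTS`, including the IP 198.51.100.7 and the Run-key location of the persistence entry, is invented for illustration; the report only gives the relative directory and file name, so the example matches on the path tail rather than asserting an absolute install location.

```python
# Extracted CyberGate configuration, copied from the report above.
CONFIG = {
    "c2": "meddasdomain.zapto.org:288",
    "mutex": "***MUTEX***",
    "injected_process": "explorer.exe",
    "install_dir": "comandll",
    "install_file": "comandll.exe",
    "regkey_hkcu": "HKCU",
    "regkey_hklm": "HKLM",
    "enable_keylogger": True,
    "keylogger_enable_ftp": False,
    "ftp_directory": "./logs/",
}


def iocs_from_config(cfg: dict) -> dict:
    """Derive host and network indicators from an extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        # Only the relative directory and file name are known, so match the tail.
        "install_tail": (cfg["install_dir"] + "\\" + cfg["install_file"]).lower(),
        "inject_target": cfg["injected_process"].lower(),
        # A hive is in play when its regkey_* attribute is set (both are, here).
        "persist_hives": [h for h in ("HKCU", "HKLM") if cfg.get(f"regkey_{h.lower()}")],
        # FTP exfil is configured but disabled; keep it for context, not matching.
        "ftp_exfil": bool(cfg.get("keylogger_enable_ftp")),
    }


# Constructed telemetry (not from the sandbox run) in a simplified EDR-like shape.
# The Run-key location and the resolved IP are assumptions for this example.
EVENTS = [
    {"type": "dns", "query": "meddasdomain.zapto.org"},
    {"type": "net", "dst": "198.51.100.7", "dport": 288, "proto": "tcp"},
    {"type": "mutex", "name": "***MUTEX***"},
    {"type": "file_write", "path": r"C:\Windows\system32\comandll\comandll.exe"},
    {"type": "reg_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Windows\system32\comandll\comandll.exe"},
    {"type": "inject", "source": "sample.exe", "target": "explorer.exe"},
    {"type": "dns", "query": "update.microsoft.com"},  # benign control record
]


def scan_events(events: list, iocs: dict) -> list:
    """Return (indicator, event) pairs for every record that matches an IOC."""
    hits = []
    for ev in events:
        t = ev["type"]
        if t == "dns" and ev["query"].lower() == iocs["c2_host"]:
            hits.append(("c2_dns", ev))
        elif t == "net" and ev.get("dport") == iocs["c2_port"]:
            # A bare port is weak on its own; treat it as corroboration for the DNS hit.
            hits.append(("c2_port", ev))
        elif t == "mutex" and ev["name"] == iocs["mutex"]:
            hits.append(("mutex", ev))
        elif t in ("file_write", "reg_set"):
            value = (ev.get("path") or ev.get("data") or "").lower()
            if value.endswith(iocs["install_tail"]):
                hits.append(("install_path", ev))
        elif t == "inject" and ev["target"].lower() == iocs["inject_target"]:
            hits.append(("injection", ev))
    return hits


if __name__ == "__main__":
    for label, ev in scan_events(EVENTS, iocs_from_config(CONFIG)):
        print(f"{label:13s} {ev}")
```

Weight the hits differently. The C2 hostname and port are specific to this build and are the indicators worth alerting on; the mutex string and the explorer.exe injection target are shared across many CyberGate builds and identify the family rather than the campaign. Note also that the keylogger is enabled but FTP upload of its logs is not, so the `./logs/` directory and the 30-second interval describe a capability that this build does not exercise.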

Targets

    • Target

      a10b2aa6a8da849edf2a78b3b197702e_JaffaCakes118

    • Size

      876KB

    • MD5

      a10b2aa6a8da849edf2a78b3b197702e

    • SHA1

      68ea29a0a8c4e52cc6d4d18f1e261a0b53de9e80

    • SHA256

      6ae9d83df6f977210400d26f505b99a7830061ed5dce410bbaa3727b4c388297

    • SHA512

      d76c716237fb12f5c7cb2511e88ba69c6999032e46db592a790965504e460d5716a938adfa385b63d64722307baf755761edd6376ff61620851db5d587b11f8a

    • SSDEEP

      24576:rdit9puhILH8v+fq/VZ/atb4okr3fO2NjyklnAIacw2:0t9Ouq/3/Sb4oY32GZAIacw2

    • CyberGate, Rebhip

      CyberGate (also detected as Rebhip) is a remote access trojan with a wide range of capabilities; the keylogging, process injection and registry persistence seen in the extracted configuration above are among them.

    • Checks BIOS information in registry

      The sample reads BIOS identification values from the registry. Malware commonly does this to fingerprint virtual machines and sandboxes, whose BIOS strings typically identify the hypervisor.

    • UPX packed file

      The executable is packed with UPX or a modified UPX build. The size and hashes above describe the packed file, so unpack it before doing static analysis or writing signatures on code.

MITRE ATT&CK Enterprise v15