General

  • Target

    a219ef3141cddfcf5832d638bf96a918_JaffaCakes118

  • Size

    364KB

  • Sample

    240817-lzkm4azcma

  • MD5

    a219ef3141cddfcf5832d638bf96a918

  • SHA1

    ec4d10b80c60a1979649fbe5523cabc678f06776

  • SHA256

    ac0a264730749bbb0c089d4477d2d5eab84461c935d968a9c33623a29f5bbfa2

  • SHA512

    d4e83c002079ee7a0b4c2cebfebcae47e0201d4ce316493d2421647fa7cc89ddcc0e47d4d3934f99c25550663f402e4bfe46753a8b5406239c142bc6e7b8bc40

  • SSDEEP

    6144:tHN1cRDDVWZcJf2iDG/0yUUQGfinZPJd+Nm8WhF+s/0CHrYmCBAi/bgdSByYnuy:tHCgqG/iZPJdj8wuCLYmCBAO9yU

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    vítima

  • C2

    127.0.0.1:82

    mrrochdi.no-ip.info:82

  • Mutex

    ***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234
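The extracted configuration above mixes indicators that are worth acting on with values that are not: `127.0.0.1:82` is a loopback placeholder and must not be pushed to a blocklist, while `mrrochdi.no-ip.info:82` is a dynamic-DNS host and is the only network indicator here. The script below is an added example, not part of the sandbox report or of any CyberGate tooling; it loads the report values into a flat dict of its own design, checks that the hashes are well-formed, splits each C2 entry into host and port, and drops non-routable endpoints. The dynamic-DNS suffix list is an assumption kept short for illustration.

```python
import ipaddress
import re

# Values copied from the report above; the flat-dict layout is this example's own.
REPORT = {
    "md5": "a219ef3141cddfcf5832d638bf96a918",
    "sha1": "ec4d10b80c60a1979649fbe5523cabc678f06776",
    "sha256": "ac0a264730749bbb0c089d4477d2d5eab84461c935d968a9c33623a29f5bbfa2",
    "c2": ["127.0.0.1:82", "mrrochdi.no-ip.info:82"],
    "mutex": "***MUTEX***",
    "install_file": "server.exe",
    "injected_process": "explorer.exe",
}

# Expected hex-digit length of each digest type.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Assumed, illustrative list of dynamic-DNS provider suffixes (not exhaustive).
DYNAMIC_DNS_SUFFIXES = ("no-ip.info", "no-ip.org", "no-ip.biz", "ddns.net", "dyndns.org")


def valid_hash(kind, value):
    """True if value is lowercase/uppercase hex of the length expected for kind."""
    n = HASH_LENGTHS[kind]
    return re.fullmatch(rf"[0-9a-f]{{{n}}}", value.lower()) is not None


def check_hashes(config):
    """Return the names of digest fields whose value is malformed (empty list if all are fine)."""
    return [k for k in HASH_LENGTHS if k in config and not valid_hash(k, config[k])]


def parse_c2(entry):
    """Split 'host:port' into (host, int port); rpartition keeps IPv6-style hosts intact."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"bad C2 entry: {entry!r}")
    return host, int(port)


def classify_host(host):
    """Classify a C2 host as non-routable, ip, dynamic-dns or domain."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so treat it as a hostname.
        if host.lower().endswith(DYNAMIC_DNS_SUFFIXES):
            return "dynamic-dns"
        return "domain"
    if ip.is_loopback or ip.is_private or ip.is_unspecified or ip.is_link_local:
        return "non-routable"
    return "ip"


def actionable_c2(config):
    """C2 endpoints worth blocking or hunting for, with the placeholder/loopback ones removed."""
    out = []
    for entry in config["c2"]:
        host, port = parse_c2(entry)
        kind = classify_host(host)
        if kind != "non-routable":
            out.append({"host": host, "port": port, "kind": kind})
    return out


if __name__ == "__main__":
    print("malformed hashes:", check_hashes(REPORT))
    for ioc in actionable_c2(REPORT):
        print(f"{ioc['host']}:{ioc['port']} ({ioc['kind']})")
```

Dynamic-DNS hosts resolve to whatever address the operator last registered, so the hostname, not the resolved IP, is the durable indicator; resolve it at hunt time and treat the IP as a point-in-time observation.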

Targets

    • Target

      a219ef3141cddfcf5832d638bf96a918_JaffaCakes118

    • Size

      364KB

    • MD5

      a219ef3141cddfcf5832d638bf96a918

    • SHA1

      ec4d10b80c60a1979649fbe5523cabc678f06776

    • SHA256

      ac0a264730749bbb0c089d4477d2d5eab84461c935d968a9c33623a29f5bbfa2

    • SHA512

      d4e83c002079ee7a0b4c2cebfebcae47e0201d4ce316493d2421647fa7cc89ddcc0e47d4d3934f99c25550663f402e4bfe46753a8b5406239c142bc6e7b8bc40

    • SSDEEP

      6144:tHN1cRDDVWZcJf2iDG/0yUUQGfinZPJd+Nm8WhF+s/0CHrYmCBAi/bgdSByYnuy:tHCgqG/iZPJdj8wuCLYmCBAO9yU

    • CyberGate, Rebhip

      CyberGate (also tracked as Rebhip) is a remote access trojan whose builder-generated configuration, as extracted above, controls keylogging, FTP upload of logs, installation under a fixed file name (here server.exe) and injection into a host process (here explorer.exe).

    • Adds policy Run key to start application

      Persistence via a Run value under the Policies\Explorer\Run registry path, which Windows processes at logon in addition to the ordinary Run keys.

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components); the StubPath of a new component is executed for each user at next logon.

    • UPX packed file

      Detects executables packed with UPX or a modified UPX build. Section names and the "UPX!" marker are easy to strip, so treat this as a hint, not a family indicator.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks