General

  • Target

    a272083a2fb45da5a9a7a2d0ade9c7d4_JaffaCakes118

  • Size

    481KB

  • Sample

    240817-n6w1tathnc

  • MD5

    a272083a2fb45da5a9a7a2d0ade9c7d4

  • SHA1

    45a5384134397f61c34d5be02bbd0b1e3e17752e

  • SHA256

    64dca7cda24b35f0f4a96baede9ac5b690f12279cbab266edf0cd92d88187b76

  • SHA512

    a8731535eda9c148ef52bb03ded8c7130e304d3973b57f83f4df5fc99f99a0b1993cf70555fc60e16333ef93c3bca9f1aa35206b1ad099a2a4cb58bac87f3c4a

  • SSDEEP

    12288:/wFz27OaZXEZtTdx7/0BQW/BT2xVORokp:/2KREZN/7NQqm

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    false

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks