General

  • Target

    a2912c062d781b0969fdee995d02b5b4_JaffaCakes118

  • Size

    193KB

  • Sample

    240817-pv2ycsyepk

  • MD5

    a2912c062d781b0969fdee995d02b5b4

  • SHA1

    74ed2dba584ed6776738ce2f27b08b148bc192c7

  • SHA256

    2d8263231d65f9b9a2c20ff1bf8b10878beb11b7e5f8c547810a4b004c3fb03b

  • SHA512

    691a198acb66e8d8ee8f34f7db4dbb185e039834a3ab2c408ebb585da56fed081c6289176ff3904687302913582388f342fa46282960315a9d6f7ad2ac6c0981

  • SSDEEP

    3072:xEl0D1QQZnHNQG0YwqpSkgYcFxupC++/S3U1ltntN6d3DtrC0j2lcsnY:xEGZnmrq1gYcHF+P3gltqDtW0i

Malware Config

Extracted

Family

cybergate

Version

2.4

Botnet

vítima

C2

127.0.0.1:82

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • Target

      a2912c062d781b0969fdee995d02b5b4_JaffaCakes118

    • Size

      193KB

    • MD5

      a2912c062d781b0969fdee995d02b5b4

    • SHA1

      74ed2dba584ed6776738ce2f27b08b148bc192c7

    • SHA256

      2d8263231d65f9b9a2c20ff1bf8b10878beb11b7e5f8c547810a4b004c3fb03b

    • SHA512

      691a198acb66e8d8ee8f34f7db4dbb185e039834a3ab2c408ebb585da56fed081c6289176ff3904687302913582388f342fa46282960315a9d6f7ad2ac6c0981

    • SSDEEP

      3072:xEl0D1QQZnHNQG0YwqpSkgYcFxupC++/S3U1ltntN6d3DtrC0j2lcsnY:xEGZnmrq1gYcHF+P3gltqDtW0i

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks