Extracted

• • Target

    bca5b3a4b173acc7cbe1d817c61f9c38_JaffaCakes118

  • Size

    575KB

  • MD5

    bca5b3a4b173acc7cbe1d817c61f9c38

  • SHA1

    13909de3b78f2055116af6fc1b984851632b671c

  • SHA256

    e7faaf1cf824f0b159193622366b8042503595747bd53366da833718f5f08f1b

  • SHA512

    9c64cfe06a95c8fbd22814d7026a96158ace9c7f4fbe30dc71199b4965e7007bd163335a76b42909c912b2724f85fada43f4e51c28e8d86460b210ea35dd2b63

  • SSDEEP

    6144:f/7CRPy3ksbF7dQpEce7G5iFGatzS37wKD5n098AJf112mP7Zg8frjQlOZv5dPBE:bCRPqksJXoaTKDN0jLrZgyrjx55Javk4

  Score

  10^/10

  discoverycybergatevítimapersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Deletes itself

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2