Extracted

• • Target

    f30ef2fb2ce8ccf982cb1b2a8a5c455d_JaffaCakes118

  • Size

    307KB

  • MD5

    f30ef2fb2ce8ccf982cb1b2a8a5c455d

  • SHA1

    096f7eaf767228b1d41022ccf90cf258f2d3ecb7

  • SHA256

    c8f4c7e408f36f266bb260452db1b8684c008ea109f93c11a369efed33ae6f89

  • SHA512

    adc1ec6dfef0fbe690b70878808816294c901ec024a39c39149f295cf2fe66d992e2a9f1520f65e9af18fae5cbf61359d9dc50422e0f564ff821f945f318bc81

  • SSDEEP

    6144:wyKqTj3/zR1XO+MOSLUh0jPc9Q59WVWbK2baFwfHv5qXGo:wjezR1XOf7jcI9WVW/baOHBU3

  Score

  10^/10

  cybergatemodiloaderöííédiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader Second Stage

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2