General

  • Target

    f6c5dd5b30a685ee89561d8dac345530_JaffaCakes118

  • Size

    296KB

  • Sample

    240925-ywj9daycle

  • MD5

    f6c5dd5b30a685ee89561d8dac345530

  • SHA1

    c40b7a8d15221543ad4cacc38e47737b51340e36

  • SHA256

    16b2a58284437cba265d71690e35871e3c572ab403db0541c633ee82dc4c931a

  • SHA512

    dda6914eaad891b5d7dca47440bbd97003600cd100fd0114c8f442678054abc20e79967c472ab65283e3c35bbee0fd7393492ec334cffcacb24b74bc6a1556d0

  • SSDEEP

    6144:ollNSbwgBaOrGdLoRcl5QH4R5NK2zhasqtppdLYjO+23YFG9:oWwgrG+yQYRC2zUpfMK+2Ii

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

ÖÍíÉ

C2

127.0.0.1:288

tha.no-ip.biz:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    svchost.exe

  • install_file

    windows.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
