Extracted

• • Target

    11978beb07b6dd36787f17dd9f484cf6_JaffaCakes118

  • Size

    1.1MB

  • MD5

    11978beb07b6dd36787f17dd9f484cf6

  • SHA1

    4859c7272299afc4a79931ed4b8c64596a415866

  • SHA256

    0cd500a6aad0d11c58ed1764d762666626c4d5873fd28d1b952ec7863d7d47d9

  • SHA512

    cf03ebc2d44ce2c379e046bc7bb4da3409d0078776184ac48df0d9abb20e8863ef3022df7d4e41c75aaf28d8ebe3da572cf0a2407c24171e06c5c6f021490319

  • SSDEEP

    24576:VmTbr+Ztbyllzq1Q7hDSB9emCfCXSwN2mYLgMJezl/KBB:Vsbr+3ell+QUfemCFeeLDUzsb

  Score

  10^/10

  cybergateserverdiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2