General

  • Target

    1c0253b087c596d58e1bfbf6c7274253_JaffaCakes118

  • Size

    447KB

  • Sample

    241007-hcaylaveke

  • MD5

    1c0253b087c596d58e1bfbf6c7274253

  • SHA1

    2fa3c49271f9258f26a5a267c46522be711ca98f

  • SHA256

    bc5b1ffe4330dd0c62be19a59ed0a03383b97d2aabad0be219458a8cf9bd258c

  • SHA512

    0044b7ba7d5b189299fe5c5cdd5fe604e2f53348d6d19aebfa33b4fd065ad45b7b77341875ce092b265a837a5d19d994eea944e7dc7850e6fb9bac965eced4f8

  • SSDEEP

    12288:piHNi+Cs/kvvKKkehnIWl2H67BEP//0F5bJLN72LiHN481kmWcLxs:AHNi+jkXKKkcIq2H6lfHtHNxWcFs

Malware Config

Extracted

  • Family

    cybergate

  • Version

    2.6

  • Botnet

    Server

  • C2

    dephacker.no-ip.org:80

    dephacker.no-ip.org:81

  • Mutex

    ***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    Microsoft

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    sombra

Targets

    • Target

      COMDLG32.OCX

    • Size

      137KB

    • MD5

      d76f0eab36f83a31d411aeaf70da7396

    • SHA1

      9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

    • SHA256

      46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

    • SHA512

      9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

    • SSDEEP

      3072:VESIiWD8uq4hCqUt6mqD1gRshBgH/voqJrwo2CocrJbQN6N2TRqEydzXS0:VETz566VgRyOJ0oDxQRHf

    Score
    3/10

    • Target

      ChamaleonButton.ocx

    • Size

      100KB

    • MD5

      a73cd21288945e3045502bd47131034e

    • SHA1

      8b4d7a926fe7e9418b4815ef833e94460d5bccfb

    • SHA256

      909e08122c26729dc54828b46428df3239468181d2a79764a01ca3c158680641

    • SHA512

      cb92ff16a70b0574c58e745db98839bd8b2520d8091a27846a759c0221f664ed8737cfabdb8167a05e90da5fd5bc6297213c1827998dfcb86814b652addd33c4

    • SSDEEP

      1536:56gpF4+4ZQzOVY0csm6zZhoRpB5EDYhS6/2IAb9e:58bZQuY0a6zMEk

    Score
    3/10

    • Target

      Corp-51 Crypter MOD Antrax10 ##FUD##/Corp-51_Crypter.exe

    • Size

      389KB

    • MD5

      5707e1163a7858f6653a3ef6d1202bd8

    • SHA1

      8477aa55a521071e82e49c671404b859337e2d23

    • SHA256

      cec83a00c8e4239983192cd649cca1fe8a0055bf9bddbd8ba435e9ee5889e539

    • SHA512

      d411e32c667e72c5ffdfd46c7c5efd50aa4d2837d3e2e470adcceb77d97e81829718da9f5416ccb6dd8a1db0c1ce902384922d13abdcbd48267e6e2c25d4907d

    • SSDEEP

      6144:yjLhVzxLKQKX+xJv6h2Olh+qqARTPHwYgPMlW7O1TPU6XeFKwyE:yjdVzBcISh2OlXqm/zQCW7O170Kwd

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Target

      Corp-51 Crypter MOD Antrax10 ##FUD##/XstX.exe

    • Size

      68KB

    • MD5

      4b4c42da69f0321b1a55f0ba522e797d

    • SHA1

      037406388df85735a0d3ca6e10b3390f34ed9892

    • SHA256

      fcd344119bfa584505efbc504304964c4c61a3ee57df792a29e1c2562174cb1b

    • SHA512

      ae3a4ee718d9783cbe59f0935c60ecec1dc5bab3c78673416f0b8a90d281010d00019a0b65883d4d69e86ddc8466adef9701075127988d385e1aec0f15ad689c

    • SSDEEP

      768:SzbYAO7PfYo4SJ9JnrKu3S3+bD5kkA5ZjOXuFvTMwAOfzWJ+0vJvnxP9:mTOJpS85o7OeFjzzQvnb

    Score
    3/10

MITRE ATT&CK Enterprise v15