Extracted

Extracted

• • Target

    2abe1ad5ea91dc307b8b521a5e009213_JaffaCakes118

  • Size

    1018KB

  • MD5

    2abe1ad5ea91dc307b8b521a5e009213

  • SHA1

    dab024b2ce332f063c69f078d64d846a25244397

  • SHA256

    3277ace39ec3e42b2e216e4dd08474abcfac283d2679cae3aadfda8b01845f5e

  • SHA512

    f9b32c7840248ba29be1fa94a2b272c2ee06d6c40af6e29e6dcbb47730c2dce90d8f2825cc4a1ff97bf9e073973f8d60cb497a5670626dbec4bb26554f273680

  • SSDEEP

    24576:77fTEdFiXx1RzFIolAvFr3rSnLZUDc+8/:77fTEdFyNzFhlONmVL/

  Score

  10^/10

  cybergatelatentbotserverbootkitdiscoverypersistencespywarestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • LatentBot

    Modular trojan written in Delphi which has been in-the-wild since 2013.

    trojanlatentbot

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2