Extracted

• • Target

    3352e59cde2746218209cdb8d3b2f174_JaffaCakes118

  • Size

    393KB

  • MD5

    3352e59cde2746218209cdb8d3b2f174

  • SHA1

    dc07e365cc34b643c4affd61f8ab3d25d0f8f922

  • SHA256

    1e25c0035a809111d8af254109d253af3afaf18972f8fed654021bcfdbc4f3c9

  • SHA512

    7f34a971435e30a4d98e2d272fd0505484a61f71b2ea28bd9d7f1fae51bb682c1aa72ab592227d07048769c02d632b32886ced89f2bb364a30491b03145dd712

  • SSDEEP

    12288:LJnxQkZGYlVSXN+c2TtNzyxTxHkxBlx5j6T:9nxTPlVyb2ZNzyxTxHyBlxR6

  Score

  10^/10

  cybergatevítimacredential_accessdiscoverypersistencespywarestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2