Extracted

• • Target

    4963538b2d8ecd2db491b7de2abc574a_JaffaCakes118

  • Size

    300KB

  • MD5

    4963538b2d8ecd2db491b7de2abc574a

  • SHA1

    205b41da0cc12ff04f13063ffa4dd8b390fece52

  • SHA256

    d28cc95652b37939da534ba34ab3da269331f577b0bc1bcd5ad53edb402408b5

  • SHA512

    37aaa0ebbb28ee227b037abb87e01bbd5f000e0242166776e908875f91af37f9e5c19cdd5f0486351752119bbf57bfa5e4340ba757b32872c5eb6fc5c258896c

  • SSDEEP

    6144:ACtGBXFD2GtRr0R5hIyVQMRZ07PBPpZwCYlt6sIKd8tkqd+3i:AWGFD2G3u5hDVQ7ZPpZwC66sIKdEkqUy

  Score

  10^/10

  cybergatevítimadiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2