General
-
Target
611ea66719cb72062115e23a1b841931_JaffaCakes118
-
Size
576KB
-
Sample
241020-jmzv5syfrj
-
MD5
611ea66719cb72062115e23a1b841931
-
SHA1
dd9e3c9760d3f16f0504d95bcd8a08d575186439
-
SHA256
5c0249469a47bb64251004ee431d79ed72af77b72c1f23814fcc0bb688359086
-
SHA512
24429de1660e958b38ea3e3ef4f9f2228f7f90b4e5ba5282fa346ae76f962dc18629098e169c468f41785ea55c04b63041070727bae596fc2f444da171cad653
-
SSDEEP
12288:IdBxXYeZISRNNaAP0fzumD8umhpJJZpTH:yXXYeZIwRI3ihlZpTH
Malware Config
Extracted
cybergate
2.5
vítima
kyrpyk.no-ip.biz:81
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
drivers
-
install_file
windrv.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
sopcast alreadi instaled in your system
-
password
abcd1234
Targets
-
-
Target
611ea66719cb72062115e23a1b841931_JaffaCakes118
-
Size
576KB
-
MD5
611ea66719cb72062115e23a1b841931
-
SHA1
dd9e3c9760d3f16f0504d95bcd8a08d575186439
-
SHA256
5c0249469a47bb64251004ee431d79ed72af77b72c1f23814fcc0bb688359086
-
SHA512
24429de1660e958b38ea3e3ef4f9f2228f7f90b4e5ba5282fa346ae76f962dc18629098e169c468f41785ea55c04b63041070727bae596fc2f444da171cad653
-
SSDEEP
12288:IdBxXYeZISRNNaAP0fzumD8umhpJJZpTH:yXXYeZIwRI3ihlZpTH
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-