General
-
Target
6e8065cf2131811159af1d0df52c6435_JaffaCakes118
-
Size
244KB
-
Sample
241023-mxjtfsxglj
-
MD5
6e8065cf2131811159af1d0df52c6435
-
SHA1
ad32b2d02490219385773c772f61cfafa61a007f
-
SHA256
87adc20e041bc04a2e8dde77c4c18b8437536c5944738cd257c9b74b6e994d5a
-
SHA512
5c5164abdf7f00b88b54a0a07266a0d4dc8728a1d19613081a9455453ec7b614448e52978e5ea1dba601c93af5d44bdc22aabb4a1de2b6578f169d45dfa43edf
-
SSDEEP
6144:ocVife4PlVifpenEVshiYWKW1LRnt4PEAPHOGfX5kHYvCP06O3Wcy/T/3nK23Jso:xVife4PlVifpenEVshiYWKW1LRnt4PEL
Malware Config
Extracted
cybergate
2.5
vítima
mierda.no-ip.org:8080
asdd.zapto.org:8080
dasdasdas.zapto.org:8080
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
sis
-
install_file
sis34.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Se he producido un error critico en el programa, pruebe a reiniciarlo en modo de compatibilidad
-
message_box_title
Codigo de error 4xCg7f
-
password
1234
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
6e8065cf2131811159af1d0df52c6435_JaffaCakes118
-
Size
244KB
-
MD5
6e8065cf2131811159af1d0df52c6435
-
SHA1
ad32b2d02490219385773c772f61cfafa61a007f
-
SHA256
87adc20e041bc04a2e8dde77c4c18b8437536c5944738cd257c9b74b6e994d5a
-
SHA512
5c5164abdf7f00b88b54a0a07266a0d4dc8728a1d19613081a9455453ec7b614448e52978e5ea1dba601c93af5d44bdc22aabb4a1de2b6578f169d45dfa43edf
-
SSDEEP
6144:ocVife4PlVifpenEVshiYWKW1LRnt4PEAPHOGfX5kHYvCP06O3Wcy/T/3nK23Jso:xVife4PlVifpenEVshiYWKW1LRnt4PEL
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-