General
-
Target
a82d67ed1f13d439b29f3269908b934f_JaffaCakes118
-
Size
3.6MB
-
Sample
241127-rbnbzaspcl
-
MD5
a82d67ed1f13d439b29f3269908b934f
-
SHA1
5df6e4577a44b8d6e8159d20b34b1fd0703f0750
-
SHA256
fa3f5e54c66327bbf0b3e79b96fd69109420e8f59825aeb5a3f17878f6ab971f
-
SHA512
55bedc18f14fdedfffb710f3cedff26f0e5dfad87722342d8f6821f9897cd67b2114c4e15d12de8170830bd1c5f45c2a2af810fce52e80b849ed422518d7b366
-
SSDEEP
98304:H4kfVh2oD6Lbnn82ZaRCCWvl8p9dHeH0XdPJqQwJXyO:H4en63nnrC4SeYxK
Static task
static1
Behavioral task
behavioral1
Sample
a82d67ed1f13d439b29f3269908b934f_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
cybergate
2.7 J/M SE
=P
127.0.0.1:81
JoKeR/M@SK
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
abcd1234
Targets
-
-
Target
a82d67ed1f13d439b29f3269908b934f_JaffaCakes118
-
Cybergate family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-