Extracted

• • Target

    afebe21f81fc4a8c2824c73efe1b65b1_JaffaCakes118

  • Size

    2.1MB

  • MD5

    afebe21f81fc4a8c2824c73efe1b65b1

  • SHA1

    d4b020c900925118afe75061bf162b3a48b64a45

  • SHA256

    dd62b3bc5e3e6bd6e635089b048ca3874003b402940c224169a753fd4b171ce6

  • SHA512

    2afb6a3aa01523fed89b86a78769432ed7e02b137c0222bef1fa0e8268cc93c13d2bb60ea33dab620e4d1aa898940fa4abbb44d52e3e4384cebf61803bca1080

  • SSDEEP

    49152:uz5o0EHNnL+0BEx53uy4Nv/nsCNIjVx3i:05mL+0BGNt4N3nhej3i

  Score

  10^/10

  cybergatecrypter22credential_accessdiscoverypersistencespywarestealerthemidatrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2