General
-
Target
b2589fb6820d1cd90762cf9522cbba8e_JaffaCakes118
-
Size
347KB
-
Sample
241129-tjy5jsypcp
-
MD5
b2589fb6820d1cd90762cf9522cbba8e
-
SHA1
5e0ade6f9b3a898679ebaebc1373aa00b630459a
-
SHA256
bf2ea69ef963f790aee7fabddbc79b6aa04c4a8454078a29aa449321a2c1ee75
-
SHA512
823440963124ff67c80cc061e39b17f42cd56e2e2a7cb1a7a69b645a1ff8ed60b1e9584062c393273386e988d769c64cf1e7f9a80ac78324f5e2439954302d25
-
SSDEEP
6144:akCkVSSNQZJYNpRlFXVzuqO+ZLESoeYcxGSYj9qBHKHuor:a6QZJYNpRlFMqdZADIxYj0B+uG
Malware Config
Extracted
cybergate
2.5
vítima
prueba-2.no-ip.org:3416
prueba-2.no-ip.org:3417
intelInc
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
iexplorer
-
install_dir
explorer
-
install_file
cmdprompt.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
texto da mensagem
-
message_box_title
título da mensagem
-
password
13131311
-
regkey_hkcu
regedit
-
regkey_hklm
explorer
Targets
-
-
Target
b2589fb6820d1cd90762cf9522cbba8e_JaffaCakes118
-
Size
347KB
-
MD5
b2589fb6820d1cd90762cf9522cbba8e
-
SHA1
5e0ade6f9b3a898679ebaebc1373aa00b630459a
-
SHA256
bf2ea69ef963f790aee7fabddbc79b6aa04c4a8454078a29aa449321a2c1ee75
-
SHA512
823440963124ff67c80cc061e39b17f42cd56e2e2a7cb1a7a69b645a1ff8ed60b1e9584062c393273386e988d769c64cf1e7f9a80ac78324f5e2439954302d25
-
SSDEEP
6144:akCkVSSNQZJYNpRlFXVzuqO+ZLESoeYcxGSYj9qBHKHuor:a6QZJYNpRlFMqdZADIxYj0B+uG
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-