General
Target: b33b08dc818f6763a6bcb7cd8514e55d_JaffaCakes118
Size: 344KB
Sample: 241129-yc91paxlgp
MD5: b33b08dc818f6763a6bcb7cd8514e55d
SHA1: d2fe89773c31300250866cbf23c68d651aac9d40
SHA256: a07b735276ebe782bdc52341c1240464a277447d1bf53244cb2dbf171d89a608
SHA512: dc03e6f5ba2db33d8e03ca6f1c4783737fcd9e82d28b557381f2e76dabd43e4aaa4e803697917489d95a805ff08cf9b5ab325ed10758e350af3f827b33ba47be
SSDEEP: 6144:O/nNfWGkPbchctUxd+0DBhY2InhlYzZmQe36n7Ncn+gLsbAUsyTaaCMCkfNN4:AwpPkTUheca7yv4EuaFCli
Static task: static1
Behavioral task: behavioral1
Sample: b33b08dc818f6763a6bcb7cd8514e55d_JaffaCakes118.exe
Resource: win7-20241023-en
Malware Config
Extracted
cybergate
v1.07.5
crypttest
195.2.253.179:443
RQFW6OE5YXBN8V
enable_keylogger: true
enable_message_box: false
ftp_directory: ./logs/
ftp_interval: 30
injected_process: explorer.exe
install_dir: install
install_file: server.exe
install_flag: false
keylogger_enable_ftp: false
message_box_caption: Remote Administration anywhere in the world.
message_box_title: CyberGate
password: ujrsopzjps1$s212
Targets
Target: b33b08dc818f6763a6bcb7cd8514e55d_JaffaCakes118
Cybergate family
Checks computer location settings: looks up country code configured in the registry, likely geofence.
Suspicious use of SetThreadContext