Extracted

• • Target

    bce1c3666ad026adcae65c8e6d5daeb4_JaffaCakes118

  • Size

    1.3MB

  • MD5

    bce1c3666ad026adcae65c8e6d5daeb4

  • SHA1

    3b335072d22fdb462cc232432d30f6491a6e24e2

  • SHA256

    d2234828bf8fc7f1db8373811dd0fb2dad3da0320a09d564889f14407b9604ec

  • SHA512

    5fe5957dd9d7c11c99cb3535bceca262a03969010277a42280a3c4f5609796628486db3f053570b3d89524c9958dffc00197e4db4f105d44f403bc50b7950aff

  • SSDEEP

    24576:+JZZsC/dxMKkp3JBRvqwTlXndGn2xLbxAokPHYcheRlaL8tle546gLGCxX/DbG:+JZZZJQ3JBRvqwTlXd+czp9pNtPfG

  Score

  10^/10

  cybergatetrialdiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2