Overview

overview

10

Static

static

3

bee0398363...18.exe

windows7-x64

10

bee0398363...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2024 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bee0398363217eaedbdee4b83e5909fd_JaffaCakes118.exe

  • Size

    2.1MB

  • MD5

    bee0398363217eaedbdee4b83e5909fd

  • SHA1

    eeaf4acab9a4d247bb3513110dfffe370301763e

  • SHA256

    1d4b18074aa3d958adb6f52e8ba7e37cf6bc799d46784734275cf476a2867622

  • SHA512

    da608822c3c570f8fe62a10d0b76ed3c706271ff7f22c4ee7c844a5b5e9af48c736d8cf12a393ba3d390e6dd3ed70b26c43a1ab60061812661855fb6183ae22b

  • SSDEEP

    49152:qtACGnO8DYVanUCV9RR2z9TRAiuLjFIWgUWPt5lVU0Eo:qtQnOaUC3q9ojMfP00Eo

Score
10/10
cybergatevítima 4shareddiscoveryevasionstealertrojan

Malware Config

Extracted

Family

cybergate

Version

2.7 Final

Botnet

vítima 4shared

C2

lucasgusmao.no-ip.org:2000

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • ftp_password

    123654

  • ftp_port

    21

  • ftp_server

    ftp.server.com

  • ftp_username

    ftp_user

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    true

  • message_box_caption

    Falta de DLL ,Instale a DLL e Reinicie o PC... complemento comdl32.ocx

  • message_box_title

    Error!!!

  • password

    123654

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Cybergate family
    cybergate
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\bee0398363217eaedbdee4b83e5909fd_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\bee0398363217eaedbdee4b83e5909fd_JaffaCakes118.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\bee0398363217eaedbdee4b83e5909fd_JaffaCakes118.exe
      C:\Users\Admin\AppData\Local\Temp\bee0398363217eaedbdee4b83e5909fd_JaffaCakes118.exe
      2⤵
      • UAC bypass
      • Windows security bypass
      • Windows security modification
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2008
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1864
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2660

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d84824105fa8ca55ffc02947c9627f0

    SHA1

    2aeedbaf1a9d144a59740228d0b34e8f4e051e55

    SHA256

    c846e4bfa2667d8c45eb339ec38548469d9a63135e89f8640341bc2b83f090f4

    SHA512

    fc61506cf5a792d866146fadec3ca8770e7c071df4b3dc86a856619d459ce3f87b1356140222ef7c4b97c3f057afae33a8353debb102cdce62536e37ab2599fd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9179e19a6cc90abb0d525cc74ab14dfb

    SHA1

    58f5818aab8b1628f7d746d5e3b6cd3ac30ce73b

    SHA256

    bfc83695bcb524fa88169902201683cbf24b05e94d2d9acd35a2cbceb24ce082

    SHA512

    ccc7a549a9743452d1d8dc66af130f1015fd6e55472e3c7d9f8260971e234e71b0de55115c25d9ebf47e3b5d5ea8e8c51ad0faf337069fa6f46bfbf3813119af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    052c98c755824477eb083646785ef316

    SHA1

    e239df437e48953386fd879ef115c39357160077

    SHA256

    54bf4011d037dc0e8974aecf00637b98380d3634b2da65a909657092809f4d5a

    SHA512

    92f852423b248b093b9126da07f3e0b47cfd98e4feb8f55dcc8347c93307e178c7ef9f640c727c067f49c68887781b4934036bbe2c27b711fef9a81cdbdb520c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9261a0ffa0491fcd29f3b6cc2dbdbef

    SHA1

    fc091f46bee7c0e62a288f01e4442bb0a3fcc6cc

    SHA256

    09458eea89c53c79bef301dbfc1f71ea772e7f92538dc0ad8d8514e05a2d0f96

    SHA512

    3da3a748d43496d3af8e0920b71a22d9f493e363538176a839d971da5b1a7925eb7d7c022d3ecf1bd62d33e871290985ec55931455a70f55763f6d16306ebb49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    125ad1b897dbaeb60d236f05b9dd58fb

    SHA1

    ceaa9bd83f2d6830cba4188ccf52e7ba8fefae81

    SHA256

    79c2060bdab9e3e8ecbb09d7783e9ea94843b7589a6898a473cf4f6524eaf900

    SHA512

    48a89cde1a9876cef291fb6f74b8fc11d4095ce6458b81f77dbdff996938d10579d863349f77969dea9ce43b254a4d32755712dc5a34a54b8b48df57a2e0e838

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    57d0e97771d6dbbc10a1e39ba50fc132

    SHA1

    6af660e2030a0a70dc95126cb031d8cde19204b5

    SHA256

    a6932ea23d26fbe8e24a23e32a544d01cc09af5dc2f559b09e21d6588dcba8e0

    SHA512

    23f6cbdc1a19a84006c323c0ac0025b84a05beaaa995b5ac317b9b17d12d4724ce4be3b854df2e9a90d7fb1a88a64cf8714ca870eba18fcad773b75dd204e1b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6799cb12ece478fd2f3b51860b99fc96

    SHA1

    514ddeb472b41b2be278c1e82acb799ea264abaa

    SHA256

    c017a47b94117f8e62d5274b5906579381d7b7551ea3210da6c477ca1e6fbbff

    SHA512

    b40545045b4c5e43756bf851a0636ddd8dab0f3c9d8dec732f2fc387bf54f1e06ee326af0399f54d5fc976b424d8d2a81648b2a5e21ea299eb44ebdffc5533bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a16871b81d3f0436ea2074ca3258411e

    SHA1

    97723316da683f2b00b1a453900cbb6ee779d1af

    SHA256

    a52248a9931d311b7e3969c89442192924c64338abeb2bc09583b78a71c9d8c3

    SHA512

    1a899dce1f65f4b34d7489624f672f17a5a074d3e62d5c63d2ca43de9c410c4598f8a244ceaf11f7d30b76e581e41884da6f73fff919d602b82e0e979726ba28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6690506cb24ef7949193bad7a6186e01

    SHA1

    e3a755ba76057722e4d361258e5ad74694fe3804

    SHA256

    7f9051ac5af3f55a35b45e1e4dd59ffdfbe89d4fc7200ebf69cd96ceda71f6f4

    SHA512

    24dae73762388528d58985109d03119e6eac863a603a67321228baaed7006192178b691e695363b81b3070c1d49a13ebbd1fa83709c20f493cc0406f50f36c0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    220e03aa0617ecad7b25c711cebc7bf9

    SHA1

    1dd4a7f3791c7cce15e2c8e9a895fef4b3f9c03d

    SHA256

    8a44352b2b33239df89a4ee63888db370914cb86f35d6db1042e80a411a4e630

    SHA512

    86976adf0c0c60c3c89ed43cf5702f25857be07a7fb36808400b07afd57389d686610cf354fb0773ec47044766ebb392550bb7f0fb10438e50dce6f76fd00837

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d18517c90944e0978595bd50682fe0b0

    SHA1

    4e9f2ed368260c7ee8663d59744c920a627ef29f

    SHA256

    f4805b1a6060069c44314aaacc89a31307cc9f8a2ebab6dbbe8d981e631d6b3c

    SHA512

    d423619287648e1f381357b2e25ae4ab4fb48e23d612fcdab7a24d7994b378e2ff940f140a9757174067b1e48bcdca9b0609d98c4a5538eed40b7113eca0507f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    49aeaf8ff1c14ef85e97fd2c63a1570d

    SHA1

    6001b085022dd7932a544b54341c40a424bd6fb3

    SHA256

    e230dfd2a654a88e77d537c94209b70a5bed56b7a1a2824f8e0fbd284c1786ba

    SHA512

    c7d3a892ab796236f5f3ffa8a9575c63b1b9cf7b295d2a442bf34e02920a2b37c3770ba674d033f7730e5e0f642e6732407612e3edca5fc10fb9e9c560d5004d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccff25175d6a8a3214e6bdaa004309a0

    SHA1

    48e18d2c24719d4e58c5faad1bc3f8b1af5289a0

    SHA256

    657c71fab6c3801bff8264c6b6fb94a306e5060478b4a585fd671ec3f9c9f053

    SHA512

    0ca156d67276af1af88e1691c299269a34a8b69112254618eac31a8d97d5220c01c1821cded48f9e96bd47fc7a04b89a6abaeee43b07e4c58e155f832ab89a2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a94dcb56de559f91eeae63b9a5547cf7

    SHA1

    e4924a8c231a5eeee62d7231bf4098d085e2aa5c

    SHA256

    1b5a50f79550a0f72b1f69a1a82d13945e71503956dad4ad573ed2546af16295

    SHA512

    c8cbf741840f72affc031c64ddcc5a349eaf085e097dcff90eafe97da6545df98e084e27dfec64e8df282cc65ca749323ee61f01a6ee76df20178372966b06cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14e6a57f4d3d02d37f50fb7fee5f2f3d

    SHA1

    158a3b8905f86112941f36163731306efba6c2b8

    SHA256

    7718857ff726ee3f58b3272880bca768a73893e24d262f6c1c55ab0500873153

    SHA512

    aa1995049a9e1d220143c5ee54a59f46b0eb6c5af9769bb4dc31a852994561c2a9f22a8e425436c2c72369d79cf5105ae4c3e078be005465895effd4a1e58d4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4123d445ca8bd227159573dd64a5a99a

    SHA1

    28fa4c15c666443437b14ba4c5f181a6717613ff

    SHA256

    31ae196700528bc4060fb6ad3ff5ab035d10c375e3b98604d5b4a4ce3b1d13b9

    SHA512

    22af91995a0f8c3637db5de9cc41aaefdd54449ca8270471b4366082255ae6c627083bf129a0e85bcb65a276d39f1c01b93d9e7e45123e4849e40da1089dc866

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2705d559e1293d2220378fae89e148ea

    SHA1

    b08b14d88cc9dba488cf8bc571608d3f45580d87

    SHA256

    6f293360b9b3843b371335e010d7be8a56b4b2c2f9f7e86098a4980906026ee3

    SHA512

    7677bf9479bbc46a42869303a235f83b6aceeff8a35c436383fbf21a7c8676bff9810ea1ee5c110ff9d44ecb52650a7358b5141232f22ebc8882e5d8b44967ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0cb401d9cb76071c9004e6d270e370ed

    SHA1

    e7cc0f3b5fedfd20c5c06de41cdbffa8dc41bd5e

    SHA256

    b301a82ec047e8e54b56543332869ce44f7939d59bd7d1870efe3c5368abeaa7

    SHA512

    ef7a7a0e9a8b0360e24669b36fb0d8d9ec942ad1bbb5f8275df2e32fe2f12e478ff2c912dac995d5eb41341d5f2d7a37bf32152ce864f0729b2e48077c93cd0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34e4cd4a9bf8427b0f46be00341bf51e

    SHA1

    932bf31ccca630ba7babf77dce66506b98645cea

    SHA256

    a7107f915aa53c2891e7a48b1257343726d968b51c45fd89797688b38418709c

    SHA512

    176601426e2ea333ae50d6ce33b970162344fd7508dd7dbcbed90fd7539de65de72dce5c772c25a687d8f3a2745f3d4e8cf062dbdd862c3b41849164b94b39bf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD349.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD3E8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1864-21-0x0000000000400000-0x00000000004AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/1976-13-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/1976-1-0x0000000000320000-0x0000000000322000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-0-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/1976-17-0x0000000000400000-0x00000000004C9000-memory.dmp

    Filesize

    804KB

    Download

  • memory/1976-15-0x00000000006B0000-0x0000000000779000-memory.dmp

    Filesize

    804KB

    Download

  • memory/2008-24-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2008-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2008-9-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2008-16-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2008-6-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2008-2-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2008-4-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download