Extracted

• • Target

    c5dd4df325b14e58cf851e0bcb617953_JaffaCakes118

  • Size

    3.1MB

  • MD5

    c5dd4df325b14e58cf851e0bcb617953

  • SHA1

    fc47da7c0c4d7d26f300ac70b44748d47eafe960

  • SHA256

    e742a50fc5dc16f9ac7ca253fce897b08ccbb2dcbf579f137d3e6adba61fc7c0

  • SHA512

    d6f32e64e5d169823a8f2f7e60f7c6ac24cc274c5ed3eba5767f6150566fb9d0f371c0c6f1167eea70e00333b609883b2d383009bb901962d4b69aa2c9a641c9

  • SSDEEP

    49152:OcfSvMffxA9VXP/fCy/uQ5E6POvJ0g2/e6NNhUYZ:O5Effm9xtXZ/Zd

  Score

  10^/10

  cybergatecovid 22discoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2