Extracted

• • Target

    d9a759bd57806792a47a695d1a7b3cef_JaffaCakes118

  • Size

    8.7MB

  • MD5

    d9a759bd57806792a47a695d1a7b3cef

  • SHA1

    e2b08109f6ce9388bf50947ba66917e6042278e3

  • SHA256

    0ba1f66d0bffd2ad8a6555814fa30602de1b24dc271926bbd2357abd40cdee25

  • SHA512

    c703888e6b557295dad6474aa470eace7a83c1c3ea68ebbd99d6b1f2f5a47e2d2b9a2f6c31fbf2258887c15d70533632a0700fa994736a38e073bf8513468fe9

  • SSDEEP

    6144:7qsilmy+hQIIdNsqFw5vactlkFOhEgyIKUzf24OQJSiwp01XW8lZG8f:7FVhQdeB5v/zPhEjIP+rQJS81XW8C8

  Score

  10^/10

  cybergate2205discoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2