General
-
Target
ddcc7de3ae571a4697cc9afa1f3171a2_JaffaCakes118
-
Size
666KB
-
Sample
241210-j1snzszndz
-
MD5
ddcc7de3ae571a4697cc9afa1f3171a2
-
SHA1
effa45d487c6b37c1347f8ea1831ef10d6875001
-
SHA256
63086812e609a232369de2ef86a8b94a89951dc921da724e73c336043533f467
-
SHA512
e8345b46ae1c4b7fc6c8da37ada285cf36702aba795e676e643ed76c5cdf7a3ca7a183b34541fd6c412c918b53c9b39bb234bbce4db74c4e58b86d9f248c39a9
-
SSDEEP
12288:a2syU56jl+6mzMW/oxGfj1HjAKCTsRVo7A70VWMsOngo5rCNLuQ/JR:OyYz6mzMWQUfj1HMKCMo7IDLu0R
Malware Config
Targets
-
-
Target
ddcc7de3ae571a4697cc9afa1f3171a2_JaffaCakes118
-
Size
666KB
-
MD5
ddcc7de3ae571a4697cc9afa1f3171a2
-
SHA1
effa45d487c6b37c1347f8ea1831ef10d6875001
-
SHA256
63086812e609a232369de2ef86a8b94a89951dc921da724e73c336043533f467
-
SHA512
e8345b46ae1c4b7fc6c8da37ada285cf36702aba795e676e643ed76c5cdf7a3ca7a183b34541fd6c412c918b53c9b39bb234bbce4db74c4e58b86d9f248c39a9
-
SSDEEP
12288:a2syU56jl+6mzMW/oxGfj1HjAKCTsRVo7A70VWMsOngo5rCNLuQ/JR:OyYz6mzMWQUfj1HMKCMo7IDLu0R
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1