General
  Target: ef27bbbcf3bdc38ea6f7b779c090828e_JaffaCakes118
  Size: 332KB
  Sample: 241214-rg54zavjct
  MD5: ef27bbbcf3bdc38ea6f7b779c090828e
  SHA1: 0d1593dfb05e4289485236c54542e48b87c11709
  SHA256: 9d128272a7bdcbd428c61b81d41a49fcab1cf8a59f82a00d252f24768216bf0c
  SHA512: fb65da4658feb2a3ac8c9e201eee263f26987df4a8be6ca1496b592848b551dea9bf060488c036314c7109863fcab20e8b16e269f07abe02635f741e7ac0ea86
  SSDEEP: 6144:xYVZKdLTfAwPesRK7xenRfqtoPvzzrwGCeRMfz6xOX6h/R+2S69wvQ6Obw:UZmTffPMcRytucKRKz6y6hJSTQt
Static task: static1

Behavioral task: behavioral1
  Sample: ef27bbbcf3bdc38ea6f7b779c090828e_JaffaCakes118.exe
  Resource: win7-20241023-en
Malware Config
  Extracted: cybergate v1.04.8
  remote: 127.0.0.1:90
  88FCB6KKHYIM44
  enable_keylogger: false
  enable_message_box: false
  ftp_directory: ./logs/
  ftp_interval: 30
  injected_process: explorer.exe
  install_dir: install
  install_file: server.exe
  install_flag: false
  keylogger_enable_ftp: false
  message_box_caption: Remote Administration anywhere in the world.
  message_box_title: CyberGate
  password: walido
Targets
  Target: ef27bbbcf3bdc38ea6f7b779c090828e_JaffaCakes118
  Size: 332KB
  MD5: ef27bbbcf3bdc38ea6f7b779c090828e
  SHA1: 0d1593dfb05e4289485236c54542e48b87c11709
  SHA256: 9d128272a7bdcbd428c61b81d41a49fcab1cf8a59f82a00d252f24768216bf0c
  SHA512: fb65da4658feb2a3ac8c9e201eee263f26987df4a8be6ca1496b592848b551dea9bf060488c036314c7109863fcab20e8b16e269f07abe02635f741e7ac0ea86
  SSDEEP: 6144:xYVZKdLTfAwPesRK7xenRfqtoPvzzrwGCeRMfz6xOX6h/R+2S69wvQ6Obw:UZmTffPMcRytucKRKz6y6hJSTQt

  Signatures:
    Cybergate family
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    Suspicious use of SetThreadContext