Extracted

• • Target

    ef8aeefdce07d26159712df417db7606_JaffaCakes118

  • Size

    585KB

  • MD5

    ef8aeefdce07d26159712df417db7606

  • SHA1

    7dc589d9940636dac45d8e52b73a6d6b78f1f283

  • SHA256

    a1a6a8bd706e6d99570cf149051a58873f329e1b20813089861a0bbf8664b8c6

  • SHA512

    88c48ca7bf1619b0079da17059b7dac16b12714a3ac0cae1f92c9c7d0afab415a11d203164b9744fb12916b454ada8b11d7ec68dc042e56e0b8d0b3b3f57e0c7

  • SSDEEP

    6144:R5c7G22OxGaXeGFdQT/xvjy7EwO8K6froCG79dpxBi0jt3QHq/lHybxf5JGmrpQ6:H1u7FO8lftGnpG0tQKSeZ2zkPaCxC

  Score

  10^/10

  cybergatem1discoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2