General

  • Target

    febb862ed107c44c174e3b6f7aad1035_JaffaCakes118

  • Size

    314KB

  • Sample

    241219-gsgwea1pfv

  • MD5

    febb862ed107c44c174e3b6f7aad1035

  • SHA1

    585dd72178c3875e38252fdd25753ba188ce6e20

  • SHA256

    92f751e68e3d9cb75efb4ba9ba071cd8b4fb5c020a90f3e2d9fff295e24ffe8b

  • SHA512

    a06a9286cfcd5cd5ec4cbe3f63f7e082a668a7f58aea44e23c1a7c44dcd7c6e449a515b6195a6bd0be8e6c0656f65e842cbdd30588c313a1f3357d5a37002ce9

  • SSDEEP

    6144:zhe4GgRYMzcwdVEllaCRu8ONXhfUGyRSQCkZX9xZ:zM4G8YCcwmlzRu5N8RCq9D

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    hacked

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      febb862ed107c44c174e3b6f7aad1035_JaffaCakes118

    • Size

      314KB

    • MD5

      febb862ed107c44c174e3b6f7aad1035

    • SHA1

      585dd72178c3875e38252fdd25753ba188ce6e20

    • SHA256

      92f751e68e3d9cb75efb4ba9ba071cd8b4fb5c020a90f3e2d9fff295e24ffe8b

    • SHA512

      a06a9286cfcd5cd5ec4cbe3f63f7e082a668a7f58aea44e23c1a7c44dcd7c6e449a515b6195a6bd0be8e6c0656f65e842cbdd30588c313a1f3357d5a37002ce9

    • SSDEEP

      6144:zhe4GgRYMzcwdVEllaCRu8ONXhfUGyRSQCkZX9xZ:zM4G8YCcwmlzRu5N8RCq9D

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15
