General

  • Target

    ffe04a86850b3706563893b5c2316b88_JaffaCakes118

  • Size

    782KB

  • Sample

    241219-vgr4wswlew

  • MD5

    ffe04a86850b3706563893b5c2316b88

  • SHA1

    e35cbfdd66a2fa561ec2af70b362bc0d9b4451fc

  • SHA256

    c9c314c9e026c233fa279d1d58ac462d1128f57896b55925f78e5e988f27ca22

  • SHA512

    d5789ad86a3bfc1950352b9f620fc2001aea6ddf879a0333e95880106147ef1dcc26f1cc4b3cba93bddd8d9603635df263afdbedf2e2d1c1bb51c2de4fe84809

  • SSDEEP

    24576:T7IR4ugpq3szVahieQiiTStgV8kS5Yoz4Ep9yZpt8:AaZptzVaKetKBoYozGK

Malware Config

Extracted

Family

latentbot

C2

hackermania.zapto.org

Targets

    • Target

      ffe04a86850b3706563893b5c2316b88_JaffaCakes118

    • Size

      782KB

    • MD5

      ffe04a86850b3706563893b5c2316b88

    • SHA1

      e35cbfdd66a2fa561ec2af70b362bc0d9b4451fc

    • SHA256

      c9c314c9e026c233fa279d1d58ac462d1128f57896b55925f78e5e988f27ca22

    • SHA512

      d5789ad86a3bfc1950352b9f620fc2001aea6ddf879a0333e95880106147ef1dcc26f1cc4b3cba93bddd8d9603635df263afdbedf2e2d1c1bb51c2de4fe84809

    • SSDEEP

      24576:T7IR4ugpq3szVahieQiiTStgV8kS5Yoz4Ep9yZpt8:AaZptzVaKetKBoYozGK

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • LatentBot

      Modular trojan written in Delphi which has been in the wild since 2013.

    • Latentbot family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks