General

  • Target

    JaffaCakes118_6019867eb20ee1ba74a00dbe87669950

  • Size

    474KB

  • Sample

    250101-xjebxsykat

  • MD5

    6019867eb20ee1ba74a00dbe87669950

  • SHA1

    46d48fd1b7867d0e469e7dd0f1ea45c155695aba

  • SHA256

    48cc0194dfeaa64d979edd26143e45f2fa365141ef805bdc5d7969f56caffc34

  • SHA512

    3e63bf818b72e738c119eab4d5a54326011b08f258b4214a84dc141292bb846f3fb9d7df308e63cf5369189828c2aa6f682466461ce1c20eb5ff9108dc528777

  • SSDEEP

    12288:xne4FCLCYgLJp6gqTmwuBnalvhFgAcCPhPCBuDpP7:9D6yb6gqTmwuMLFgvOhPCB0h7

Malware Config

Extracted

Family

cybergate

Version

2.7 Beta 02

Botnet

vítima (Portuguese: "victim"; value kept verbatim as extracted)

C2

eusoualenda.no-ip.biz:81

Mutex

***MUTEX***

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    system.exe

  • install_dir

    install

  • install_file

    svcc.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

texto da mensagem (Portuguese: "message text"; value kept verbatim as extracted)

  • message_box_title

título da mensagem (Portuguese: "message title"; value kept verbatim as extracted)

  • password

    123

  • regkey_hkcu

    Win32

  • regkey_hklm

    Win32
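The extracted config above is only useful once it is turned into things you can hunt for: the C2 hostname and port, the mutex, the Run-key value name, and the dropped-file name. The following is an added example (not part of the sandbox report and not CyberGate code) that derives those indicators from the config values on this page and runs them over a handful of constructed telemetry events. The Run, Policies\Explorer\Run and Active Setup key paths are the standard Windows locations those signatures refer to; the assumption that `install_file` lands under a directory named `install_dir` somewhere below the Windows directory is mine, so the install path is matched on its tail only. The event records are invented for the example.

```python
"""Derive host/network indicators from the CyberGate config on this page and
match them against telemetry.  Added example; event records are constructed."""
from typing import Dict, List, Tuple

# Values copied from the "Malware Config" section of this report.
CONFIG = {
    "c2": "eusoualenda.no-ip.biz:81",
    "mutex": "***MUTEX***",
    "install_dir": "install",
    "install_file": "svcc.exe",
    "regkey_hkcu": "Win32",
    "regkey_hklm": "Win32",
    "injected_process": "system.exe",
}

# Standard Windows autostart locations behind the report's persistence signatures.
RUN_HKCU = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_HKLM = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
ACTIVE_SETUP = r"HKLM\Software\Microsoft\Active Setup\Installed Components"


def derive_indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Turn raw config fields into comparable indicators (case-folded)."""
    host, port = cfg["c2"].rsplit(":", 1)
    # ASSUMPTION: the sample drops install_file into a directory named
    # install_dir; the report gives no absolute path, so match on the tail.
    install_tail = ("\\" + cfg["install_dir"] + "\\" + cfg["install_file"]).lower()
    return {
        "c2_host": host.lower(),
        "c2_port": int(port),
        "mutex": cfg["mutex"],
        "install_tail": install_tail,
        # (key, value-name) pairs a Run-key persistence write would touch
        "run_values": {
            (RUN_HKCU, cfg["regkey_hkcu"]),
            (RUN_HKLM, cfg["regkey_hklm"]),
            (POLICY_RUN, cfg["regkey_hklm"]),
        },
        "injected_process": cfg["injected_process"].lower(),
    }


def match_event(ev: Dict[str, object], ind: Dict[str, object]) -> List[str]:
    """Return the indicator names an event matches (empty list if none)."""
    hits: List[str] = []
    t = ev["type"]
    if t == "network":
        # Match on the DNS name, not an IP: no-ip.biz hosts change address.
        if str(ev["dst_host"]).lower() == ind["c2_host"] and ev["dst_port"] == ind["c2_port"]:
            hits.append("c2_connection")
    elif t == "registry":
        key, value = str(ev["key"]), str(ev.get("value", ""))
        data = str(ev.get("data", "")).lower()
        if (key, value) in ind["run_values"]:
            hits.append("run_key_persistence")
        if key.startswith(ACTIVE_SETUP) and value == "StubPath" and data.endswith(ind["install_tail"]):
            hits.append("active_setup_persistence")
    elif t == "mutex":
        if ev["name"] == ind["mutex"]:
            hits.append("mutex")
    elif t == "process":
        if str(ev["image"]).lower().endswith(ind["install_tail"]):
            hits.append("dropped_exe_executed")
        if str(ev.get("target", "")).lower() == ind["injected_process"]:
            hits.append("injection_target")
    return hits


def scan(events: List[Dict[str, object]], ind: Dict[str, object]) -> List[Tuple[int, List[str]]]:
    """Index and hits for every event that matched at least one indicator."""
    return [(i, h) for i, ev in enumerate(events) if (h := match_event(ev, ind))]


# Constructed telemetry: two benign rows, five that mirror the report's signatures.
EVENTS = [
    {"type": "network", "dst_host": "EUSOUALENDA.no-ip.biz", "dst_port": 81},
    {"type": "registry", "key": RUN_HKCU, "value": "Win32", "data": r"C:\Windows\install\svcc.exe"},
    {"type": "registry", "key": RUN_HKCU, "value": "OneDrive", "data": r"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    {"type": "mutex", "name": "***MUTEX***"},
    {"type": "process", "image": r"C:\Windows\install\svcc.exe", "target": "system.exe"},
    {"type": "registry", "key": ACTIVE_SETUP + r"\{00000000-0000-0000-0000-000000000000}", "value": "StubPath", "data": r"C:\Windows\install\svcc.exe"},
    {"type": "network", "dst_host": "login.microsoftonline.com", "dst_port": 443},
]

if __name__ == "__main__":
    for idx, hits in scan(EVENTS, derive_indicators(CONFIG)):
        print(idx, hits)
```

A Run value named `Win32` or a mutex named `***MUTEX***` is a default that many CyberGate builds share, so on its own either is a weak signal; the C2 hostname plus the dropped-file path is what ties a hit to this build.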

Targets

    • Target

      Razer Hacker Injector/Razer Hacker Injector CA-BR.exe

    • Size

      1.6MB

    • MD5

      689170f650be7826ceb4afdcd9b39711

    • SHA1

      4420348d6697e46fe61ac74f0c708d965366fbd9

    • SHA256

      380cee2589fecc487d1c3d1b8a6c84ad8a747a1816fab041471de6dc2b03428b

    • SHA512

      633317ee7d5a9db5d0fb9cd1e5f322f0a8f1225aa1955c1c24a857551eba6ab022c6f7132c970dab19f0d444dcddae69162bc370a47fa78f67a52bad4ee89dfa

    • SSDEEP

      12288:CcD663W51TLUsWwgsxmnYGtctBSXYAEJwpCQKURf:Cv59UsWLsknYHB3+0QVRf

    • CyberGate, Rebhip

      CyberGate (Rebhip is the detection name some vendors use for the same family) is a commodity remote access trojan; the configuration extracted above shows its keylogger enabled and its FTP log upload disabled.

    • Cybergate family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine (a StubPath value under HKLM\Software\Microsoft\Active Setup\Installed Components, run once per user at logon).

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Target

      Razer Hacker Injector/sccsf.dll

    • Size

      344KB

    • MD5

      666ed0ceca943858e373aaa313e76e00

    • SHA1

      f7c87f1f5aa48d688ae1099ae8d927fc2d8f2918

    • SHA256

      72ccd5ce63784577d003dd10d6c8660a5a76e1f4536f0b3befe40a1975d44fd6

    • SHA512

      77e9f7ba6785906405a7104b421154411b76fc8ecbf78b2e54c7f8c04889d324fc59fa155748c80f1e9d0df44e7c20b6292168c4a147840b11856b90ffdac32c

    • SSDEEP

      6144:GCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbB:1

    Score
    3/10
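The SSDEEP value for sccsf.dll is worth a second look before anyone uses it for similarity matching: the first chunk hash is a single repeated bigram and the second chunk hash is one character, which is what ssdeep produces for a file that is almost entirely repeated content. The following is an added example (not part of the report) that parses the three ssdeep values on this page into blocksize and chunk hashes, flags a hash that is too homogeneous to compare meaningfully, and checks the block-size rule ssdeep itself applies (two hashes are comparable only when their block sizes are equal or differ by a factor of two). The thresholds are my own choice for this illustration.

```python
"""Parse ssdeep hashes from this report and flag degenerate ones.
Added example; ssdeep format is blocksize:chunk:double_chunk."""
from typing import NamedTuple

# Hashes copied from this report.
SSDEEP_ARCHIVE = "12288:xne4FCLCYgLJp6gqTmwuBnalvhFgAcCPhPCBuDpP7:9D6yb6gqTmwuMLFgvOhPCB0h7"
SSDEEP_EXE = "12288:CcD663W51TLUsWwgsxmnYGtctBSXYAEJwpCQKURf:Cv59UsWLsknYHB3+0QVRf"
SSDEEP_DLL = "6144:GCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbCbB:1"


class Ssdeep(NamedTuple):
    blocksize: int
    chunk: str         # hash at blocksize
    double_chunk: str  # hash at 2 * blocksize


def parse_ssdeep(text: str) -> Ssdeep:
    """Split an ssdeep string; chunk hashes are base64 and never contain ':'."""
    bs, c1, c2 = text.strip().split(":", 2)
    return Ssdeep(int(bs), c1, c2)


def distinct_ratio(chunk: str) -> float:
    """Distinct characters over length: near 0 for a repeating pattern."""
    return len(set(chunk)) / len(chunk) if chunk else 0.0


def is_degenerate(h: Ssdeep, min_ratio: float = 0.15) -> bool:
    """True when the hash describes near-uniform content (threshold is an
    assumption chosen for this example).  Such hashes match many unrelated
    padded files and should not be used for clustering."""
    return len(h.double_chunk) <= 1 or distinct_ratio(h.chunk) < min_ratio


def comparable(a: Ssdeep, b: Ssdeep) -> bool:
    """ssdeep only scores hashes whose block sizes are equal or one doubling apart."""
    return a.blocksize in (b.blocksize, b.blocksize * 2, b.blocksize // 2)


if __name__ == "__main__":
    for name, raw in (("archive", SSDEEP_ARCHIVE), ("exe", SSDEEP_EXE), ("dll", SSDEEP_DLL)):
        h = parse_ssdeep(raw)
        print(name, h.blocksize, "degenerate" if is_degenerate(h) else "ok")
```

The DLL hash is comparable to the EXE hash by block size (6144 versus 12288), but because it is degenerate any high similarity score against it says only that the other file is also mostly padding, not that the two share code.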

MITRE ATT&CK Enterprise v15

Tasks