Extracted

• • Target

    JaffaCakes118_6de178a5a54f8244f14743ef087a7a07

  • Size

    572KB

  • MD5

    6de178a5a54f8244f14743ef087a7a07

  • SHA1

    822171aedba0881348d502791d1be17d8539f146

  • SHA256

    bcc77db9c2169e9d5861a93c9afdc526118e34e691552ed43e379e862b98ac6d

  • SHA512

    a26dc035ac578c2dfe648ceede4649392c1419da76d12754aae3274d36283e6645eaa853bdd6bbd415a7e752f933b7b862f031ed06440cb923b927df44fdfc6e

  • SSDEEP

    6144:JpwcYFaGYwo5YqkN+HK+9GvFgrpezEheC2Q05+JQ9H9fo2uNtffHspaAOgh+n0Mp:Jp2alk+EvSrMbE05+Ji9Q2iHspaAGDC

  Score

  10^/10

  cybergatevítimadiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2