General
Target: JaffaCakes118_7d1d730d7f125f86f323d79fec23512d
Size: 456KB
Sample: 250104-3jsgfavmfq
MD5: 7d1d730d7f125f86f323d79fec23512d
SHA1: 27d2ceb7a94d3f23c7c25917fb847482aa053c22
SHA256: e7d75da2f9c22be8c58676c31f49e15a3a1a6af81149c7c5231ef272a0d9312e
SHA512: 85df9ca4ae7fa7355b6a1222fd68506117a3eec4290da9aedb60253d952a77bc5e5ece15fbd5f70fabd53c8d4bd75688a1233fac1f3d4f8df57146240751f75e
SSDEEP: 12288:nnpH4HYWO9E3pm9gl9o7JXT8DF+VpLXw82Y1JsuUR1glqJUZWkc:npHfUiFIDF0BX8YwuMglqW4kc
Static task: static1
Behavioral task: behavioral1
Sample: JaffaCakes118_7d1d730d7f125f86f323d79fec23512d.exe
Resource: win7-20240903-en
Malware Config
Targets
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Molebox Virtualization software
Detects file using Molebox Virtualization software.
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-