General
-
Target
JaffaCakes118_423780663625a99c1f7bebfb50966ed8
-
Size
420KB
-
Sample
250114-wp4y4avmhw
-
MD5
423780663625a99c1f7bebfb50966ed8
-
SHA1
88c26a36b77e300b1b9a8f90d5f4a367d8f4226d
-
SHA256
4dd790d0893d26f7515a0fb72eeab4f6fd7822c48d04b5c2ec794f152deff68a
-
SHA512
7bb34637d0389da9062e0f61791c72d245ec0741554abadb3dc0740e609785997ba9d45f80854f4443bb3992d23f5a016646e8603776214754ad72d1b30b342b
-
SSDEEP
6144:tiPRxwbOQDXCQ97dRUgwKY+1tJnfE5olnjzWBnJ3MszTt5XLMS6R5F:8PHREXCQR3pY+JfCoF4fJA5F
Malware Config
Extracted
cybergate
2.6
Server
sven123.no-ip.biz:1338
***MUTEX***
-
enable_keylogger
true
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Winupd
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Bild konnte nicht geƶffnet werden!
-
message_box_title
picture opain fail
-
password
12345
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
JaffaCakes118_423780663625a99c1f7bebfb50966ed8
-
Size
420KB
-
MD5
423780663625a99c1f7bebfb50966ed8
-
SHA1
88c26a36b77e300b1b9a8f90d5f4a367d8f4226d
-
SHA256
4dd790d0893d26f7515a0fb72eeab4f6fd7822c48d04b5c2ec794f152deff68a
-
SHA512
7bb34637d0389da9062e0f61791c72d245ec0741554abadb3dc0740e609785997ba9d45f80854f4443bb3992d23f5a016646e8603776214754ad72d1b30b342b
-
SSDEEP
6144:tiPRxwbOQDXCQ97dRUgwKY+1tJnfE5olnjzWBnJ3MszTt5XLMS6R5F:8PHREXCQR3pY+JfCoF4fJA5F
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Suspicious use of SetThreadContext
-