General
-
Target
JaffaCakes118_5af48ee7ac1ef36758a74efc76570d9d
-
Size
1.6MB
-
Sample
250115-szzkksykbq
-
MD5
5af48ee7ac1ef36758a74efc76570d9d
-
SHA1
33b760047351378f8818810ba4a526bf8fe3c3db
-
SHA256
28d63a1a66c4886e4d184bf63ba6f2ce06aa85c58a3b8bc58c5cf92c89bdcc64
-
SHA512
6a86f4283e75a1dd1db62f0d85119ce00cda63787c2e043ed85ca671dbf977a08c5cf29f23ade5119959979955e997251fae7ca4f8427c5c6643e988a553ac45
-
SSDEEP
24576:Dx03nIlcXgYZhukuph303nZupHxe9qee4fjV/9Oklf:Dx0ycXgYWFL0ce9/e4fvOa
Malware Config
Targets
-
-
Target
JaffaCakes118_5af48ee7ac1ef36758a74efc76570d9d
-
Size
1.6MB
-
MD5
5af48ee7ac1ef36758a74efc76570d9d
-
SHA1
33b760047351378f8818810ba4a526bf8fe3c3db
-
SHA256
28d63a1a66c4886e4d184bf63ba6f2ce06aa85c58a3b8bc58c5cf92c89bdcc64
-
SHA512
6a86f4283e75a1dd1db62f0d85119ce00cda63787c2e043ed85ca671dbf977a08c5cf29f23ade5119959979955e997251fae7ca4f8427c5c6643e988a553ac45
-
SSDEEP
24576:Dx03nIlcXgYZhukuph303nZupHxe9qee4fjV/9Oklf:Dx0ycXgYWFL0ce9/e4fvOa
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1