General
-
Target
JaffaCakes118_67a0cb0bc44edffaf9b4eec2d4cd56d5
-
Size
551KB
-
Sample
250116-cedvdawjfs
-
MD5
67a0cb0bc44edffaf9b4eec2d4cd56d5
-
SHA1
9a2a09d7bd48ee6617567e0b65b2b1c7f2044882
-
SHA256
1c559075bebd99a2683bad48705ad1071b9985bdd4691b88e8343388ae5096b3
-
SHA512
40b28945d9c6579ecbfcd91be4fb13a9cdc8f00b2ba9002b6699635fbd8618b38204bea61ac18359ce4af36a05c15f56e6d4c586ed71d18eff3aaddf1baeaa4b
-
SSDEEP
12288:P15m5O7nCQybT7AcHuYVX/fwOrQ0Kc9TSGe02/1NnE0s3DItx9f7b9yqA:NsDZHRCguF95fUh
Malware Config
Extracted
cybergate
v1.18.0 - Crack Version
remote
afflictionrat2.zapto.org:95
FTHKI40TGYEOFI
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
Adobe
-
install_file
svchost.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
getrocked
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Extracted
latentbot
afflictionrat2.zapto.org
Targets
-
-
Target
JaffaCakes118_67a0cb0bc44edffaf9b4eec2d4cd56d5
-
Size
551KB
-
MD5
67a0cb0bc44edffaf9b4eec2d4cd56d5
-
SHA1
9a2a09d7bd48ee6617567e0b65b2b1c7f2044882
-
SHA256
1c559075bebd99a2683bad48705ad1071b9985bdd4691b88e8343388ae5096b3
-
SHA512
40b28945d9c6579ecbfcd91be4fb13a9cdc8f00b2ba9002b6699635fbd8618b38204bea61ac18359ce4af36a05c15f56e6d4c586ed71d18eff3aaddf1baeaa4b
-
SSDEEP
12288:P15m5O7nCQybT7AcHuYVX/fwOrQ0Kc9TSGe02/1NnE0s3DItx9f7b9yqA:NsDZHRCguF95fUh
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
LatentBot
Modular trojan written in Delphi which has been in-the-wild since 2013.
-
Latentbot family
-
Adds policy Run key to start application
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-