General
-
Target
JaffaCakes118_cb75f782b0ecb8ede7c1e5fd30043571
-
Size
283KB
-
Sample
250119-stn7natkds
-
MD5
cb75f782b0ecb8ede7c1e5fd30043571
-
SHA1
2027c00662a557a39aeb06cb5efa5027031a0c7b
-
SHA256
aa6da6ce3fbadc165864009fe886ccfbae4581fb4bf1e9b58766d3f94ed803e5
-
SHA512
c983a52caa46c089fedd98179256472e06b7171c6ae630cefe0bd962a09e8a3317a1cfb9edfe4af131878f497866fb3120f7448493618620880a9a39526843d2
-
SSDEEP
6144:PDABQWrxpAuO/50BTnqPd0Mpz71hh4nXjjf8MZ9BKXKR:LUaGLE0kxGnESBR
Malware Config
Targets
-
-
Target
JaffaCakes118_cb75f782b0ecb8ede7c1e5fd30043571
-
Size
283KB
-
MD5
cb75f782b0ecb8ede7c1e5fd30043571
-
SHA1
2027c00662a557a39aeb06cb5efa5027031a0c7b
-
SHA256
aa6da6ce3fbadc165864009fe886ccfbae4581fb4bf1e9b58766d3f94ed803e5
-
SHA512
c983a52caa46c089fedd98179256472e06b7171c6ae630cefe0bd962a09e8a3317a1cfb9edfe4af131878f497866fb3120f7448493618620880a9a39526843d2
-
SSDEEP
6144:PDABQWrxpAuO/50BTnqPd0Mpz71hh4nXjjf8MZ9BKXKR:LUaGLE0kxGnESBR
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Adds policy Run key to start application
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2Privilege Escalation
Boot or Logon Autostart Execution
3Active Setup
1Registry Run Keys / Startup Folder
2