Extracted

• • Target

    JaffaCakes118_04eaa90b97d1e93f11699edd42617c2e

  • Size

    264KB

  • MD5

    04eaa90b97d1e93f11699edd42617c2e

  • SHA1

    20ff0c8ab078f85896421a58d6db76ad91010ad2

  • SHA256

    ee775cc67e915485c63483798a28b473b6d5ce5e566f8fdc1a7b494016beedb9

  • SHA512

    0bd597b9ae00c791dea3d9cb3837d7e0051089aa646d902917223f8d1588e0ea6b9ef4c134b3c1980f53de36cd276343f630c21a4a582018e3269467032bac93

  • SSDEEP

    6144:VkkozNZIKgiajJzh2pAxpjpJNGYgkbpqrtdFw1+Ur:ykYNKKgiajj2uxJPkytqad

  Score

  10^/10

  cybergatemem0rexdiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2