General

  • Target

    JaffaCakes118_0687f138cd4f4ea48cf16cd1c487dc2c

  • Size

    281KB

  • Sample

    250121-wv3m8awlhw

  • MD5

    0687f138cd4f4ea48cf16cd1c487dc2c

  • SHA1

    01bbcfad670762f6f7d6aa410a9e488438b2ef70

  • SHA256

    728e6fb6cceee5995ce3bb9d0a9e0275ffe96b9cbc9010a88a7584fa7b41edbd

  • SHA512

    3fb017ef445fae6880f3a4873b061248bacc2b213224b199c62940357eb3150d404be8aeff3aab4fef3dcc32e822f68d25199c1f47820678da8b523be7a22f12

  • SSDEEP

    6144:AScrLK4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXij0:RcVy78QSVnNyhsFMCeSj0

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

alertpay

C2

alertpay1928.sytes.net:81

Mutex

1K255182PQ37LM

Attributes
  • enable_keylogger

    false

  • enable_message_box

    false

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    192837q

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      JaffaCakes118_0687f138cd4f4ea48cf16cd1c487dc2c

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
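The configuration and signature sections above together give everything needed to hunt for this sample on other hosts: the C2 host and port, the mutex, the install directory and file name, the injected process, and the three persistence locations the signatures name. The script below is an added example written for this page, not code from the sandbox or from the CyberGate author. It turns the extracted config into an IOC set and matches it against constructed telemetry. Assumptions: the pipe-delimited `type=...|key=value` event format and the sample events are invented for the example; the registry paths in PERSISTENCE_KEYS are the standard Windows Run key, policy Run key and Active Setup locations that the three persistence signatures are taken to refer to; and because the report gives only a relative install_dir, the install path is matched as a trailing fragment rather than a full path.

```python
"""Hunt for CyberGate IOCs from the extracted config against constructed telemetry."""
from dataclasses import dataclass

# Values copied from the Malware Config section of this report.
CYBERGATE_CONFIG = {
    "c2": "alertpay1928.sytes.net:81",
    "mutex": "1K255182PQ37LM",
    "install_dir": "install",
    "install_file": "server.exe",
    "injected_process": "explorer.exe",
}

# Assumed registry paths behind the report's persistence signatures
# (Run key, policy Run key, Active Setup); hive prefix stripped, lower-case.
PERSISTENCE_KEYS = {
    "run_key": r"software\microsoft\windows\currentversion\run",
    "policy_run_key": r"software\microsoft\windows\currentversion\policies\explorer\run",
    "active_setup": r"software\microsoft\active setup\installed components",
}


@dataclass(frozen=True)
class Iocs:
    c2_host: str
    c2_port: int
    mutex: str
    install_path_fragment: str  # "<install_dir>\<install_file>", matched as a suffix
    injected_process: str


def iocs_from_config(cfg: dict) -> Iocs:
    """Derive a normalised IOC set from the extracted config."""
    host, _, port = cfg["c2"].rpartition(":")
    return Iocs(
        c2_host=host.lower(),
        c2_port=int(port),
        mutex=cfg["mutex"],
        install_path_fragment=f"{cfg['install_dir']}\\{cfg['install_file']}".lower(),
        injected_process=cfg["injected_process"].lower(),
    )


def parse_event(line: str) -> dict:
    """Parse the invented 'k=v|k=v' telemetry format into a dict."""
    ev = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        ev[key.strip()] = value.strip()
    return ev


def _strip_hive(key: str) -> str:
    """'HKLM\\Software\\X' -> 'software\\x' so hive spelling does not matter."""
    _, _, rest = key.partition("\\")
    return rest.lower()


def match_event(ev: dict, iocs: Iocs) -> list:
    """Return the IOC labels a single event matches (empty list if none)."""
    hits = []
    kind = ev.get("type")
    if kind == "dns" and ev.get("query", "").lower() == iocs.c2_host:
        hits.append("c2_dns")
    elif kind == "netconn" and ev.get("host", "").lower() == iocs.c2_host:
        hits.append("c2_connection")
        if int(ev.get("port", "0")) == iocs.c2_port:
            hits.append("c2_port")
    elif kind == "mutex" and ev.get("name") == iocs.mutex:
        hits.append("mutex")
    elif kind == "regset":
        rel = _strip_hive(ev.get("key", ""))
        for label, prefix in PERSISTENCE_KEYS.items():
            if rel.startswith(prefix):
                hits.append(label)
        if iocs.install_path_fragment in ev.get("value", "").lower():
            hits.append("install_path")
    elif kind == "inject" and ev.get("target", "").lower() == iocs.injected_process:
        hits.append("injection")
    return hits


def hunt(lines, cfg: dict = CYBERGATE_CONFIG) -> list:
    """Return [(line, labels)] for every event that matches at least one IOC."""
    iocs = iocs_from_config(cfg)
    results = []
    for line in lines:
        hits = match_event(parse_event(line), iocs)
        if hits:
            results.append((line, hits))
    return results


# Constructed telemetry (not sandbox output); the TEST-NET-3 address and GUID are placeholders.
SAMPLE_EVENTS = [
    r"type=dns|query=alertpay1928.sytes.net",
    r"type=netconn|dst=203.0.113.10|port=81|host=ALERTPAY1928.sytes.net",
    r"type=mutex|name=1K255182PQ37LM",
    r"type=regset|key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run|value=C:\Users\x\install\server.exe",
    r"type=regset|key=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|value=C:\Users\x\install\server.exe",
    r"type=regset|key=HKLM\Software\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}|value=C:\Users\x\install\server.exe",
    r"type=inject|target=explorer.exe|source=server.exe",
    r"type=dns|query=www.example.org",  # benign, must not match
]

if __name__ == "__main__":
    for line, labels in hunt(SAMPLE_EVENTS):
        print(", ".join(labels), "<-", line)
```

The mutex and the install file name are the cheapest host-side pivots, but a cracked builder lets every operator change them, so treat the C2 hostname and the three persistence locations as the durable part of the hunt and the mutex as sample-specific.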

MITRE ATT&CK Enterprise v15
