General
-
Target
JaffaCakes118_31ace0a4a1dd72460e9ba87947c25652
-
Size
255KB
-
Sample
250126-cq4j6szmgn
-
MD5
31ace0a4a1dd72460e9ba87947c25652
-
SHA1
93fc64049e420b01f7336c3e0eee3fde823eb27c
-
SHA256
c42ca5ee80b2520206e26936b7ffed9316be25cbbc4f8922970bded307478136
-
SHA512
7d33d6380125dd626c74ff7d0181fb419e27e1466a3bc18a249ff3c05d424bf032ce3e5e3328b1084f8708eadd234498defbd34c549d9812bc93dee0aebaeab7
-
SSDEEP
3072:7dirawHnxU8QnQDpZj9+0FDCUfr0I4txBm+M3b7rBn6KXEw8B1t/7/Ce+7bpul/4:70iY1Z0A/rF4txJGrBn6Hz9CdBfoS
Malware Config
Extracted
cybergate
v1.11.0 - Public Version
remote
rashid001butt.no-ip.biz:999
A5AMR3XFEY01YH
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
system32
-
install_file
.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
Bismillah
Targets
-
-
Target
JaffaCakes118_31ace0a4a1dd72460e9ba87947c25652
-
Size
255KB
-
MD5
31ace0a4a1dd72460e9ba87947c25652
-
SHA1
93fc64049e420b01f7336c3e0eee3fde823eb27c
-
SHA256
c42ca5ee80b2520206e26936b7ffed9316be25cbbc4f8922970bded307478136
-
SHA512
7d33d6380125dd626c74ff7d0181fb419e27e1466a3bc18a249ff3c05d424bf032ce3e5e3328b1084f8708eadd234498defbd34c549d9812bc93dee0aebaeab7
-
SSDEEP
3072:7dirawHnxU8QnQDpZj9+0FDCUfr0I4txBm+M3b7rBn6KXEw8B1t/7/Ce+7bpul/4:70iY1Z0A/rF4txJGrBn6Hz9CdBfoS
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Cybergate family
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-