Extracted

• • Target

    JaffaCakes118_1b3340886beb99cb6f8db9b7695e7ab4

  • Size

    399KB

  • MD5

    1b3340886beb99cb6f8db9b7695e7ab4

  • SHA1

    3f29e8c632c79287e19a70d8180533553357563a

  • SHA256

    351e929db6cc353e62993e3e139a6232a2a8aa5680bede56ba22160f943842d7

  • SHA512

    b2c2a1e10d0a4ba119093f139c3243a2dfa6784508c7562e3063fd9278c6f22e82519dd067cacc1cea22d396ef8213991962af62f12a72493f40c0ad7c2effde

  • SSDEEP

    12288:i3UtjAF3SwlXUf6pNmNBBppaqevKbESJYh8Nq:kU+1hlk7nBm7yg8YEq

  Score

  10^/10

  cybergate2406discoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2