General

  • Target

    JaffaCakes118_5a064addca31cc7ca448cbb6e4c78a4a

  • Size

    2.7MB

  • Sample

    250309-tjf9qsvmt3

  • MD5

    5a064addca31cc7ca448cbb6e4c78a4a

  • SHA1

    c0d38bf7c40d50643f0e98b023edf9d46a845372

  • SHA256

    9dae201039484054b1ff046169b7b4b5647c391b6bdb5817bcb25684fe364c09

  • SHA512

    62d2aaa1a51c0008f572ba0ca1c2c646abc6279bec26c6f8a5fbd99526403cc30a49906e9480dbc00faf48e253ad41fa6ab52a5801d2af239a7aa7fda6b83e2a

  • SSDEEP

    24576:okK1WysBo+d8ZktrvSGBJm4gWp87NYOYLXWo2XC4JMC00ruymlE8Lx7/7BsifSB6:okK3sBBzONos00Ahtsd0Fmq/INJI

Malware Config

  • Extracted

    Family

    latentbot

    C2

    flaboyserver.zapto.org

Targets

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Cybergate family

    • LatentBot

      A modular trojan written in Delphi that has been in the wild since 2013.

    • Latentbot family

    • Adds policy Run key to start application

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other account information.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Adds Run key to start application

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

MITRE ATT&CK Enterprise v15
