Extracted

• • Target

    JaffaCakes118_6ff1f59f2aa1a5cbc8786a05269923ab

  • Size

    872KB

  • MD5

    6ff1f59f2aa1a5cbc8786a05269923ab

  • SHA1

    1da04aceebf1c0433e0e7aa66ccf2075c324b5c6

  • SHA256

    725ef8d696263393422d08883ad8aefee372a8d1fbd274d6caa1f581d88a6671

  • SHA512

    2e8eaa91a3e5d31d10d86ed41e96e297297553d808ac0b4ca90ade524c03ec1a5dfe6c5b8b3e91af3228af7fb941f71dd38ce6a5ff044c2fb9738f39b901b66a

  • SSDEEP

    24576:CKwPfO2U+RAkWoTIfkptpYJ+4q1R2nurOusn65L:d2VjsfkTy84q1RUurOy

  Score

  10^/10

  cybergateöííédiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2