Extracted

• • Target

    JaffaCakes118_82d690c38dab37c257d67d5700c16c8d

  • Size

    212KB

  • MD5

    82d690c38dab37c257d67d5700c16c8d

  • SHA1

    b02b6d8349d36d32af48747dcf9ce8facf8cdf08

  • SHA256

    3e35d55178e3bb404d6981774d4a92ea8079505a6972c661cd918020450e6240

  • SHA512

    f346b25284e546e773daaf4b15949b357e26a42db14c8620b7e6d1a9836fa8bd51da239f3020ea8dc7af6249cd2e9cd1d78952b54c88fd49f5b4bee0f1b04b8b

  • SSDEEP

    6144:rr2BmkVkkehiXeUSmYfzTiTMjUO73BbRF:rr2Bgk5XVSm4T/Z7v

  Score

  10^/10

  cybergateasaddiscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2