Overview

overview

10

Static

static

3

JaffaCakes...b3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a63edd8d2d5f2e573d8107119aaf4db3

  • Size

    367KB

  • Sample

    250409-w3sg8ayydt

  • MD5

    a63edd8d2d5f2e573d8107119aaf4db3

  • SHA1

    0bee1eb9746d0c71dcc035ab60b3d7e1d2c1de40

  • SHA256

    10f70ce579cc6de56b378b54ea27114a472d7a0a8eb006fee17ac771cb3f2d60

  • SHA512

    77e10c1ada6f9a3f33cd7e18575314fcc59132ad4bf8947a6355f77a7b21a957c18154f890733c85de97978f88b7a086eef3c3fe76c8f8311e4b94daa20a6991

  • SSDEEP

    6144:ec8aCmNfATSR0QxDDB9ejFP1HbcwoMIu0/cNIfqqVc2XhVjghvfFMseN2VfaCeCn:bBCmUSmuDteR1HbboZ3UNAxcMghvusCQ

Score
10/10
cybergateremotepersistencestealertrojan

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

C2

127.0.0.1:3737

ackraizo.no-ip.biz:3737
Mutex

FR7T6X611K06A2

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    Svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    201094

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Targets

    • Target

      JaffaCakes118_a63edd8d2d5f2e573d8107119aaf4db3

    • Size

      367KB

    • MD5

      a63edd8d2d5f2e573d8107119aaf4db3

    • SHA1

      0bee1eb9746d0c71dcc035ab60b3d7e1d2c1de40

    • SHA256

      10f70ce579cc6de56b378b54ea27114a472d7a0a8eb006fee17ac771cb3f2d60

    • SHA512

      77e10c1ada6f9a3f33cd7e18575314fcc59132ad4bf8947a6355f77a7b21a957c18154f890733c85de97978f88b7a086eef3c3fe76c8f8311e4b94daa20a6991

    • SSDEEP

      6144:ec8aCmNfATSR0QxDDB9ejFP1HbcwoMIu0/cNIfqqVc2XhVjghvfFMseN2VfaCeCn:bBCmUSmuDteR1HbboZ3UNAxcMghvusCQ

    Score
    10/10
    cybergateremotepersistencestealertrojan

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

      trojanstealercybergate

    • Cybergate family

      cybergate

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.