Extracted

• • Target

    JaffaCakes118_b8928c51aad9cd3e1e71430272b7539c

  • Size

    290KB

  • MD5

    b8928c51aad9cd3e1e71430272b7539c

  • SHA1

    ca4606730ca70748de44987d2dca27264730fa9a

  • SHA256

    32dcf9e526edf391cac0b418e40c5f413dc3c61e00c55b37231a2e3807a6356d

  • SHA512

    b91dacabd09617f93509aff6ff0d960c6359edbcc07239fca3a920e140db985fb0ddae50c505ff2ea62050324385bf4a1bd16a7a1a899eb7be5f1bddd8e41d47

  • SSDEEP

    6144:WOpslFlqnhdBCkWYxuukP1pjSKSNVkq/MVJbr:WwslmTBd47GLRMTbr

  Score

  10^/10

  cybergateremotediscoverypersistencestealertrojanupx

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate

  • Cybergate family

    cybergate

  • Adds policy Run key to start application

    persistence

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1