General
-
Target
17b976da7910ed4050e288f8b8577a0e_JaffaCakes118
-
Size
1.2MB
-
Sample
240627-16atsstfpe
-
MD5
17b976da7910ed4050e288f8b8577a0e
-
SHA1
65326aae9e59f0f4b5a9729350b600d52757b7e8
-
SHA256
ee3f5eb468d33e0ec24abb215cf63c80a5875758952736b15a5fe921acabdb61
-
SHA512
831f4ed8527236c7b037de7310e95253a6112ba7a30cb7be92caf5796a55f9d2ac87f572a07a99dd6006f07ed256bb9ebdf875d2f018acf8c77f9109ea6c3ea6
-
SSDEEP
24576:HhqMYdprgqE8sleQy2bkqjZcFMV3flGy8eyIbfbTAp2CsEI8h:HhqDpJE3QOnjZy68eBDTMLsah
Malware Config
Extracted
cybergate
v1.07.5
itzh4cked
itzh4cked.no-ip.biz:6661
CY4GD3PW1Q0B43
-
enable_keylogger
false
-
enable_message_box
false
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
test this bitch.exe
-
install_dir
Windows
-
install_file
chrome.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
what459sit512
-
regkey_hkcu
HKCU
-
regkey_hklm
HKLM
Targets
-
-
Target
17b976da7910ed4050e288f8b8577a0e_JaffaCakes118
-
Size
1.2MB
-
MD5
17b976da7910ed4050e288f8b8577a0e
-
SHA1
65326aae9e59f0f4b5a9729350b600d52757b7e8
-
SHA256
ee3f5eb468d33e0ec24abb215cf63c80a5875758952736b15a5fe921acabdb61
-
SHA512
831f4ed8527236c7b037de7310e95253a6112ba7a30cb7be92caf5796a55f9d2ac87f572a07a99dd6006f07ed256bb9ebdf875d2f018acf8c77f9109ea6c3ea6
-
SSDEEP
24576:HhqMYdprgqE8sleQy2bkqjZcFMV3flGy8eyIbfbTAp2CsEI8h:HhqDpJE3QOnjZy68eBDTMLsah
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-