General
-
Target
1ae5903a3793a782161abf62040b365a_JaffaCakes118
-
Size
664KB
-
Sample
240701-l8rsrsvhme
-
MD5
1ae5903a3793a782161abf62040b365a
-
SHA1
b63daf8490d3a78a2412457fe6542ae9afbb4c42
-
SHA256
95a504ddf8de2fd3275ef5bd8483353eb923332a577678da0079c57133b62449
-
SHA512
0a684b06e04ac817f863de9e75035e1f4ccecc5b550e6ddab355bb8bf9bd456df157fc5d2b15a821a67f05843f145ae7bbe9fea519661168c0d2a5507669d52b
-
SSDEEP
12288:wHNlojJlsYW5SbKxDHUeFpM6prkQAYvzFH3/KTUNwXIZ3fmb1RZGd:qLeJlsv0KoeFp3phAg9S43fmxGd
Malware Config
Extracted
cybergate
2.6
imen
garawalid.no-ip.biz:288
127.0.0.1:288
***MUTEX***
-
enable_keylogger
false
-
enable_message_box
true
-
ftp_directory
./logs/
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
win32.exe
-
install_flag
true
-
keylogger_enable_ftp
false
-
message_box_caption
error 003x5463
-
message_box_title
error
-
password
nopass
Targets
-
-
Target
1ae5903a3793a782161abf62040b365a_JaffaCakes118
-
Size
664KB
-
MD5
1ae5903a3793a782161abf62040b365a
-
SHA1
b63daf8490d3a78a2412457fe6542ae9afbb4c42
-
SHA256
95a504ddf8de2fd3275ef5bd8483353eb923332a577678da0079c57133b62449
-
SHA512
0a684b06e04ac817f863de9e75035e1f4ccecc5b550e6ddab355bb8bf9bd456df157fc5d2b15a821a67f05843f145ae7bbe9fea519661168c0d2a5507669d52b
-
SSDEEP
12288:wHNlojJlsYW5SbKxDHUeFpM6prkQAYvzFH3/KTUNwXIZ3fmb1RZGd:qLeJlsv0KoeFp3phAg9S43fmxGd
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext
-