cybergate | 9ab245dc4f7527042ae254940e14b908377afc597b637d39d09d91e4fe830380 | Triage

Submit
Reports

Overview

overview

Static

static

e6837a5ca0...18.exe

windows7-x64

7

e6837a5ca0...18.exe

windows10-2004-x64

7

Sharing

General

Target

e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118
Size

296KB
Sample

240408-dtvbcafd23
MD5

e6837a5ca0227c682d5d103563d1fbdd
SHA1

7c4732a6a05039a70731c54c3b6ac8dbccece90f
SHA256

9ab245dc4f7527042ae254940e14b908377afc597b637d39d09d91e4fe830380
SHA512

e7a3b4e0966935966e84203c6b26b63a4c912737d7ec637cc63579cb5e7b84b32968c77bb251696431cd3fd3fdb9971131bdad104e1bace150cfd8b906379e53
SSDEEP

6144:POpslFlqshdBCkWYxuukP1pjSKSNVkq/MVJb8:PwslnTBd47GLRMTb8

Score

10^/10

cybergate remote upx

Static task

static1

remote cybergate

2 signatures

Behavioral task

behavioral1

Sample

e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118.exe

Resource

win7-20240215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

127.0.0.1:99

Mutex

5GCF0N21LOJ1VD

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
12345

Targets

- Target
  
  e6837a5ca0227c682d5d103563d1fbdd_JaffaCakes118
- Size
  
  296KB
- MD5
  
  e6837a5ca0227c682d5d103563d1fbdd
- SHA1
  
  7c4732a6a05039a70731c54c3b6ac8dbccece90f
- SHA256
  
  9ab245dc4f7527042ae254940e14b908377afc597b637d39d09d91e4fe830380
- SHA512
  
  e7a3b4e0966935966e84203c6b26b63a4c912737d7ec637cc63579cb5e7b84b32968c77bb251696431cd3fd3fdb9971131bdad104e1bace150cfd8b906379e53
- SSDEEP
  
  6144:POpslFlqshdBCkWYxuukP1pjSKSNVkq/MVJb8:PwslnTBd47GLRMTb8
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

remotecybergate

behavioral1

behavioral2

© 2018-2024

Terms | Privacy