cybergate | 09c0ffa8861927a9ddfbe851b4c9e0c08137d7117a5b381a2cda9f49e8c552ef | Triage

Submit
Reports

Overview

overview

Static

static

3

19a173e4cd...18.exe

windows7-x64

19a173e4cd...18.exe

windows10-2004-x64

Sharing

General

Target

19a173e4cd83f0ea7024cb9808f2c375_JaffaCakes118
Size

348KB
Sample

240628-lgk6xascpc
MD5

19a173e4cd83f0ea7024cb9808f2c375
SHA1

229584f2c83199df3c5e10ba007af233779291e1
SHA256

09c0ffa8861927a9ddfbe851b4c9e0c08137d7117a5b381a2cda9f49e8c552ef
SHA512

40f718763d98b729be4daeff412bdf3d5c2819c3050f78a66d4db3587b35bc18f30d38217869fb8fa545c8d75c1c392fb8f4013ea02017f12f1b478bd4968100
SSDEEP

6144:zxwLAI9sJd5v9q9QOjEnHn+pJ8D1MY1MT3kP7/skPUmDW5UYfQnqqWLW:9wkYin9Hn+pJ8D1M6a3kDUkMF5UYonq4

Score

10^/10

cybergate latentbot muajaja!persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

19a173e4cd83f0ea7024cb9808f2c375_JaffaCakes118.exe

Resource

win7-20240611-en

cybergate latentbot muajaja!persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

19a173e4cd83f0ea7024cb9808f2c375_JaffaCakes118.exe

Resource

win10v2004-20240611-en

cybergate latentbot muajaja!persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Muajaja!

C2

daniielalex.zapto.org:8080

Mutex

***Rataa***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Windonws
install_file
Win32.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
daniel55
regkey_hkcu
HKCU
regkey_hklm
HKLM

Extracted

Family

latentbot

C2

daniielalex.zapto.org

Targets

- Target
  
  19a173e4cd83f0ea7024cb9808f2c375_JaffaCakes118
- Size
  
  348KB
- MD5
  
  19a173e4cd83f0ea7024cb9808f2c375
- SHA1
  
  229584f2c83199df3c5e10ba007af233779291e1
- SHA256
  
  09c0ffa8861927a9ddfbe851b4c9e0c08137d7117a5b381a2cda9f49e8c552ef
- SHA512
  
  40f718763d98b729be4daeff412bdf3d5c2819c3050f78a66d4db3587b35bc18f30d38217869fb8fa545c8d75c1c392fb8f4013ea02017f12f1b478bd4968100
- SSDEEP
  
  6144:zxwLAI9sJd5v9q9QOjEnHn+pJ8D1MY1MT3kP7/skPUmDW5UYfQnqqWLW:9wkYin9Hn+pJ8D1M6a3kDUkMF5UYonq4
Score

10^/10

cybergate latentbot muajaja!persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatelatentbotmuajaja!persistencestealertrojanupx

behavioral2

cybergatelatentbotmuajaja!persistencestealertrojanupx

© 2018-2025

Terms | Privacy