cybergate | 03cc7a29cfcf57a0d7cfe4c5c6a10ecdd9e3db32676672fb290a371da26469ad | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ba3d8adb44...18.exe

windows7-x64

ba3d8adb44...18.exe

windows10-2004-x64

Sharing

General

Target

ba3d8adb44ed41edf20a140e81f4148a_JaffaCakes118
Size

498KB
Sample

240823-edkbwateqa
MD5

ba3d8adb44ed41edf20a140e81f4148a
SHA1

0831001209823f6bac0efd7115972e86df9b73f4
SHA256

03cc7a29cfcf57a0d7cfe4c5c6a10ecdd9e3db32676672fb290a371da26469ad
SHA512

29878bef31ea121283a10b9258d47d71ffdddd4e779445f811c9e2d2b4fbb470dae19f91d8c83a91a15ef777dc6c822ac70d96edb20900c8ce299c612232a33f
SSDEEP

6144:Q9iOktDPSBBzUKvs/wdeqN7g5cyV5tbyzTlr+r6J7NEqT5knyH1PV2yy+gGu09QL:zSHzVsCD4pWNa6pvYyH1PQyy+gGBS

Score

10^/10

cybergate tencent discovery evasion stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba3d8adb44ed41edf20a140e81f4148a_JaffaCakes118.exe

Resource

win7-20240704-en

cybergate tencent discovery evasion stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba3d8adb44ed41edf20a140e81f4148a_JaffaCakes118.exe

Resource

win10v2004-20240802-en

cybergate tencent discovery evasion stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Tencent

C2

symeon3melrich.no-ip.org:7000

Mutex

E45T03S44THK81

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
ZBj2

Targets

- Target
  
  ba3d8adb44ed41edf20a140e81f4148a_JaffaCakes118
- Size
  
  498KB
- MD5
  
  ba3d8adb44ed41edf20a140e81f4148a
- SHA1
  
  0831001209823f6bac0efd7115972e86df9b73f4
- SHA256
  
  03cc7a29cfcf57a0d7cfe4c5c6a10ecdd9e3db32676672fb290a371da26469ad
- SHA512
  
  29878bef31ea121283a10b9258d47d71ffdddd4e779445f811c9e2d2b4fbb470dae19f91d8c83a91a15ef777dc6c822ac70d96edb20900c8ce299c612232a33f
- SSDEEP
  
  6144:Q9iOktDPSBBzUKvs/wdeqN7g5cyV5tbyzTlr+r6J7NEqT5knyH1PV2yy+gGu09QL:zSHzVsCD4pWNa6pvYyH1PQyy+gGBS
Score

10^/10

cybergate tencent discovery evasion stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatetencentdiscoveryevasionstealertrojanupx

behavioral2

cybergatetencentdiscoveryevasionstealertrojanupx

© 2018-2025

Terms | Privacy