cybergate | 62350c842e92e42479ecc33393f1bb66249f4fc7497339e7fd3f844601888490

General

Target

86004037123c4813357c62f197b2fd86_JaffaCakes118
Size

340KB
Sample

241102-r5788sxdqk
MD5

86004037123c4813357c62f197b2fd86
SHA1

5ea2b1e0fc46a86f6175c724a859f73b3304b810
SHA256

62350c842e92e42479ecc33393f1bb66249f4fc7497339e7fd3f844601888490
SHA512

f2af14b2f7af0d4bcbf4ec52eda01740dd9cf4e858f4e0f01cc0b79dc5f844eac2f099980283b9ec1703d0d81ea7e96daa70c8007ba7cab6c7705b9f46bda051
SSDEEP

6144:Wri4VUvosM3Ko+BYXU6MILnS+rl8bZicy/UWCl56mNzYv9FnptF0AQJTJ:WGcUwZ3v+t6HSo0ZicysWvme/x

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

xcube

C2

mastertester.zapto.org:81

Mutex

K27601D27Y037E

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456

Extracted

Family

latentbot

C2

mastertester.zapto.org

Targets

- Target
  
  86004037123c4813357c62f197b2fd86_JaffaCakes118
- Size
  
  340KB
- MD5
  
  86004037123c4813357c62f197b2fd86
- SHA1
  
  5ea2b1e0fc46a86f6175c724a859f73b3304b810
- SHA256
  
  62350c842e92e42479ecc33393f1bb66249f4fc7497339e7fd3f844601888490
- SHA512
  
  f2af14b2f7af0d4bcbf4ec52eda01740dd9cf4e858f4e0f01cc0b79dc5f844eac2f099980283b9ec1703d0d81ea7e96daa70c8007ba7cab6c7705b9f46bda051
- SSDEEP
  
  6144:Wri4VUvosM3Ko+BYXU6MILnS+rl8bZicy/UWCl56mNzYv9FnptF0AQJTJ:WGcUwZ3v+t6HSo0ZicysWvme/x
Score

10^/10

cybergate latentbot xcube discovery stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

CyberGate, Rebhip

Cybergate family

LatentBot

Latentbot family

Uses the VBS compiler for execution

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2