cybergate | e581b472f33999ed85af3ca055215c10a855c84789a99ff3d29874293d251c08 | Triage

Submit
Reports

Overview

overview

Static

static

3

d64a5d5afa...18.exe

windows7-x64

6

d64a5d5afa...18.exe

windows10-2004-x64

Sharing

General

Target

d64a5d5afa250ce9be542ced51058c91_JaffaCakes118
Size

608KB
Sample

241208-k6awsstqck
MD5

d64a5d5afa250ce9be542ced51058c91
SHA1

0f1c3b811f3778248bc19c1da750bf941c3abae9
SHA256

e581b472f33999ed85af3ca055215c10a855c84789a99ff3d29874293d251c08
SHA512

5cda43d7e637f7d6184386ac90f5730c0906d69b96336e0914b22a76b0e08627cefade8734c59c202603402b768c00082deafb63b8ef29b2a4d591445e176b58
SSDEEP

12288:H3cuArV/uAVYiA/53x38d/5i4cO3cuArV/uAVYiA/53x38d/5i4cg:HOBWsARx3j4cOOBWsARx3j4cg

Score

10^/10

cybergate remote discovery stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d64a5d5afa250ce9be542ced51058c91_JaffaCakes118.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

d64a5d5afa250ce9be542ced51058c91_JaffaCakes118.exe

Resource

win10v2004-20241007-en

cybergate remote discovery stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

remote

C2

127.0.0.1:90

Mutex

88FCB6KKHYIM44

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
walido

Targets

- Target
  
  d64a5d5afa250ce9be542ced51058c91_JaffaCakes118
- Size
  
  608KB
- MD5
  
  d64a5d5afa250ce9be542ced51058c91
- SHA1
  
  0f1c3b811f3778248bc19c1da750bf941c3abae9
- SHA256
  
  e581b472f33999ed85af3ca055215c10a855c84789a99ff3d29874293d251c08
- SHA512
  
  5cda43d7e637f7d6184386ac90f5730c0906d69b96336e0914b22a76b0e08627cefade8734c59c202603402b768c00082deafb63b8ef29b2a4d591445e176b58
- SSDEEP
  
  12288:H3cuArV/uAVYiA/53x38d/5i4cO3cuArV/uAVYiA/53x38d/5i4cg:HOBWsARx3j4cOOBWsARx3j4cg
Score

10^/10

discovery cybergate remote stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cybergateremotediscoverystealertrojanupx

© 2018-2025

Terms | Privacy