cybergate | 3d2c0a7bec8360c2cca666c35892cf8b981524c3acf98d75928bbcbd1ac42770 | Triage

Submit
Reports

Overview

overview

Static

static

3

ee3d6c6a03...18.exe

windows7-x64

ee3d6c6a03...18.exe

windows10-2004-x64

5

Sharing

General

Target

ee3d6c6a0363845a79c00be99f593af0_JaffaCakes118
Size

437KB
Sample

241214-l4f6gazpgm
MD5

ee3d6c6a0363845a79c00be99f593af0
SHA1

8874522b9067b894c541f06f6a49f3713137210a
SHA256

3d2c0a7bec8360c2cca666c35892cf8b981524c3acf98d75928bbcbd1ac42770
SHA512

f69d66151c10db9d3a2a34e045c6890b0cf005f8f987f53c973f24ff6f2d1117a7b01cbe95ecda6eb1cba3bf709b17045db5ff0bd91858dce6eb964e0c6ff30e
SSDEEP

12288:3bG85Du5UNuxvjCF2IOlVzYKj86scAoUi8:ChaNuxvjCF2IOlpYOZAoUz

Score

10^/10

cybergate bootkit discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee3d6c6a0363845a79c00be99f593af0_JaffaCakes118.exe

Resource

win7-20241010-en

cybergate bootkit discovery persistence stealer trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee3d6c6a0363845a79c00be99f593af0_JaffaCakes118.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee3d6c6a0363845a79c00be99f593af0_JaffaCakes118
- Size
  
  437KB
- MD5
  
  ee3d6c6a0363845a79c00be99f593af0
- SHA1
  
  8874522b9067b894c541f06f6a49f3713137210a
- SHA256
  
  3d2c0a7bec8360c2cca666c35892cf8b981524c3acf98d75928bbcbd1ac42770
- SHA512
  
  f69d66151c10db9d3a2a34e045c6890b0cf005f8f987f53c973f24ff6f2d1117a7b01cbe95ecda6eb1cba3bf709b17045db5ff0bd91858dce6eb964e0c6ff30e
- SSDEEP
  
  12288:3bG85Du5UNuxvjCF2IOlVzYKj86scAoUi8:ChaNuxvjCF2IOlpYOZAoUz
Score

10^/10

cybergate bootkit discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Pre-OS Boot

Bootkit

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatebootkitdiscoverypersistencestealertrojanupx

behavioral2

© 2018-2025

Terms | Privacy