cybergate | 05a77a198e5c39d7e00087a4d89c6dcad705c3bd2f0b306f0ec7acc630f939a1 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...7c.exe

windows7-x64

JaffaCakes...7c.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6c388dcccaa059e5f20701b39964127c
Size

276KB
Sample

250103-nb43yatjdn
MD5

6c388dcccaa059e5f20701b39964127c
SHA1

c33a4b77fe59951c37394919481963db0b4dc1fc
SHA256

05a77a198e5c39d7e00087a4d89c6dcad705c3bd2f0b306f0ec7acc630f939a1
SHA512

f51e0dae7aaf1488b8c93be1a61c02c99cea72af683de3e0a7033959426e2eefbfdbb839488068bf5dea653c1507ca6421d6e5ded45471ce3de6c4d17550e486
SSDEEP

6144:Nk4qmG+aoaTdbj8Xn80Cq9iGdbhmb2REllbOmS1fX8iMhg08:a9usTVQX7ywdmavmMX8k

Score

10^/10

cybergate concha pelada discovery persistence stealer trojan upx

Static task

static1

upx concha pelada cybergate

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6c388dcccaa059e5f20701b39964127c.exe

Resource

win7-20241010-en

cybergate concha pelada discovery persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6c388dcccaa059e5f20701b39964127c.exe

Resource

win10v2004-20241007-en

cybergate concha pelada discovery persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Concha Pelada

C2

127.0.0.1:81

127.0.0.1:21

rafa0800.no-ip.org:82

127.0.0.1:700

rafa0800.no-ip.org:200

rafa0800.no-ip.org:500

rafa0800.no-ip.org:84

rafa0800.no-ip.org:85

rafa0800.no-ip.org:83

rafa0800.no-ip.org:21

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
password
qqqqqq
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_6c388dcccaa059e5f20701b39964127c
- Size
  
  276KB
- MD5
  
  6c388dcccaa059e5f20701b39964127c
- SHA1
  
  c33a4b77fe59951c37394919481963db0b4dc1fc
- SHA256
  
  05a77a198e5c39d7e00087a4d89c6dcad705c3bd2f0b306f0ec7acc630f939a1
- SHA512
  
  f51e0dae7aaf1488b8c93be1a61c02c99cea72af683de3e0a7033959426e2eefbfdbb839488068bf5dea653c1507ca6421d6e5ded45471ce3de6c4d17550e486
- SSDEEP
  
  6144:Nk4qmG+aoaTdbj8Xn80Cq9iGdbhmb2REllbOmS1fX8iMhg08:a9usTVQX7ywdmavmMX8k
Score

10^/10

cybergate concha pelada discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxconcha peladacybergate

behavioral1

cybergateconcha peladadiscoverypersistencestealertrojanupx

behavioral2

cybergateconcha peladadiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy