cybergate | 8e0d1f9a03414fc365b63397c52563219e177392eed9e07fe6ad062cc82f080a | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...7b.exe

windows7-x64

JaffaCakes...7b.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6e6bc92d4dfb602e8a2f7c93ff7b217b
Size

387KB
Sample

250103-wh5baawkbz
MD5

6e6bc92d4dfb602e8a2f7c93ff7b217b
SHA1

baa09f056b9d5e2cab1251d28f6aed071415f61a
SHA256

8e0d1f9a03414fc365b63397c52563219e177392eed9e07fe6ad062cc82f080a
SHA512

87b489c438dd1235a3c952cae13129027c4a9db00cefb2274ccfa443614f1abd9bc09da44009d773d3b83f780aea6ff9326204f5b05f89fc159a9e6bc797e1b1
SSDEEP

12288:gaSftwx69df24VfHbpjx97tnBwIZ+1QhVVhz:KfLdf7V7kY+1QhVfz

Score

10^/10

cybergate stocazzo discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6e6bc92d4dfb602e8a2f7c93ff7b217b.exe

Resource

win7-20240903-en

cybergate stocazzo discovery persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6e6bc92d4dfb602e8a2f7c93ff7b217b.exe

Resource

win10v2004-20241007-en

cybergate stocazzo discovery persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

stocazzo

C2

127.0.0.1:82

glider.no-ip.biz:82

Mutex

08V7Q0KO76RH6L

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinDir
install_file
Svchost.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
The instruction at "0x10132351" referenced at0x00000000". The memory could not be red
message_box_title
Application Error
password
alomhack
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_6e6bc92d4dfb602e8a2f7c93ff7b217b
- Size
  
  387KB
- MD5
  
  6e6bc92d4dfb602e8a2f7c93ff7b217b
- SHA1
  
  baa09f056b9d5e2cab1251d28f6aed071415f61a
- SHA256
  
  8e0d1f9a03414fc365b63397c52563219e177392eed9e07fe6ad062cc82f080a
- SHA512
  
  87b489c438dd1235a3c952cae13129027c4a9db00cefb2274ccfa443614f1abd9bc09da44009d773d3b83f780aea6ff9326204f5b05f89fc159a9e6bc797e1b1
- SSDEEP
  
  12288:gaSftwx69df24VfHbpjx97tnBwIZ+1QhVVhz:KfLdf7V7kY+1QhVfz
Score

10^/10

cybergate stocazzo discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatestocazzodiscoverypersistencestealertrojanupx

behavioral2

cybergatestocazzodiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy