cybergate | 88479f8eb4b57f3377a665d803c37f9ab4e3b8a82c8542e410fbd8b388b825e7 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...00.exe

windows7-x64

JaffaCakes...00.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_7a248cee033654e1d4329f9f32c65a00
Size

294KB
Sample

250104-rk5bvavpcr
MD5

7a248cee033654e1d4329f9f32c65a00
SHA1

fbfa17985e2473c98eb223213ca58ef35e41b5de
SHA256

88479f8eb4b57f3377a665d803c37f9ab4e3b8a82c8542e410fbd8b388b825e7
SHA512

d80beeb2f4fdd08318f3577868953da184f1b5533d6039aceb7c275c9122b7932ec50e514be54fb042c8ec6d9eb4af87dd71b7bf7bcef03ccc7e8dd91c713f01
SSDEEP

6144:imcD66RRjq5JGmrpQsK3RD2u270jupCJsCxCK:ncD663TZ2zkPaCx3

Score

10^/10

cybergate latentbot user discovery persistence stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_7a248cee033654e1d4329f9f32c65a00.exe

Resource

win7-20240729-en

cybergate latentbot user discovery persistence stealer trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_7a248cee033654e1d4329f9f32c65a00.exe

Resource

win10v2004-20241007-en

cybergate latentbot user discovery persistence stealer trojan upx

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

user

C2

127.0.0.1:1604

facebookgizem.zapto.org:1604

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./komikvideo/
ftp_interval
30
injected_process
explorer.exe
install_dir
svcrhost.exe
install_file
svcrhost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Sistem Bozuk,Çalýþtýrýlamýyor
message_box_title
HATA
password
1234
regkey_hkcu
svcrhost.exe
regkey_hklm
svcrhost.exe

Extracted

Family

latentbot

C2

facebookgizem.zapto.org

Targets

- Target
  
  JaffaCakes118_7a248cee033654e1d4329f9f32c65a00
- Size
  
  294KB
- MD5
  
  7a248cee033654e1d4329f9f32c65a00
- SHA1
  
  fbfa17985e2473c98eb223213ca58ef35e41b5de
- SHA256
  
  88479f8eb4b57f3377a665d803c37f9ab4e3b8a82c8542e410fbd8b388b825e7
- SHA512
  
  d80beeb2f4fdd08318f3577868953da184f1b5533d6039aceb7c275c9122b7932ec50e514be54fb042c8ec6d9eb4af87dd71b7bf7bcef03ccc7e8dd91c713f01
- SSDEEP
  
  6144:imcD66RRjq5JGmrpQsK3RD2u270jupCJsCxCK:ncD663TZ2zkPaCx3
Score

10^/10

cybergate latentbot user discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatelatentbotuserdiscoverypersistencestealertrojanupx

behavioral2

cybergatelatentbotuserdiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy