cybergate | 23b5d03b2575ba291dd3c8b5afca5e46c1a5fe8f6943dee580fff9cd427b17a3 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...8e.exe

windows7-x64

JaffaCakes...8e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_5e3eda90d9f47df53fd9f5166cdb2e8e
Size

612KB
Sample

250115-wn7zcssjbq
MD5

5e3eda90d9f47df53fd9f5166cdb2e8e
SHA1

244d7e0d89239789fd3ec21039913ca44c481031
SHA256

23b5d03b2575ba291dd3c8b5afca5e46c1a5fe8f6943dee580fff9cd427b17a3
SHA512

dabd9d56c0ceb778b1efc4df443580130779be1415bc2edab96490d3944fb73a8f358d25c9cd9032a21d3d9cc0f598a83e38f3e39a6ce75cb1351dfd3be2e688
SSDEEP

12288:mSszW8DriUqVmIKKjWGx+1tCxcEcYK/GDt9siU24Q5hayL24ujrBh8gQEuDxsJoq:jmRDDqVJx+1sxI/GDtxU24Q5hJ2xNh8y

Score

10^/10

cybergate discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_5e3eda90d9f47df53fd9f5166cdb2e8e.exe

Resource

win7-20241023-en

cybergate discovery persistence stealer trojan upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_5e3eda90d9f47df53fd9f5166cdb2e8e.exe

Resource

win10v2004-20241007-en

cybergate discovery persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_5e3eda90d9f47df53fd9f5166cdb2e8e
- Size
  
  612KB
- MD5
  
  5e3eda90d9f47df53fd9f5166cdb2e8e
- SHA1
  
  244d7e0d89239789fd3ec21039913ca44c481031
- SHA256
  
  23b5d03b2575ba291dd3c8b5afca5e46c1a5fe8f6943dee580fff9cd427b17a3
- SHA512
  
  dabd9d56c0ceb778b1efc4df443580130779be1415bc2edab96490d3944fb73a8f358d25c9cd9032a21d3d9cc0f598a83e38f3e39a6ce75cb1351dfd3be2e688
- SSDEEP
  
  12288:mSszW8DriUqVmIKKjWGx+1tCxcEcYK/GDt9siU24Q5hayL24ujrBh8gQEuDxsJoq:jmRDDqVJx+1sxI/GDtxU24Q5hJ2xNh8y
Score

10^/10

cybergate discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatediscoverypersistencestealertrojanupx

behavioral2

cybergatediscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy