cybergate | 2b5aa1d0de017fff07bb9844f2542b152691677596f61c1c7796b25515c1676a | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...9e.exe

windows7-x64

JaffaCakes...9e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_f805c6334fd3c8ad238ee13009a29c9e
Size

281KB
Sample

250120-y589vsxmgz
MD5

f805c6334fd3c8ad238ee13009a29c9e
SHA1

aa419557470d0880bc122eea03c13ee840027dbf
SHA256

2b5aa1d0de017fff07bb9844f2542b152691677596f61c1c7796b25515c1676a
SHA512

ba10204532b4dd2598e911f153fbb6bc74d2ff7dae9926023a8fe14a770a356373b7d7854e7d56203b34cbbe527af3b1c0c2036def8622a52470306d5e5e7fcf
SSDEEP

6144:ey+phnTwlTLfkixFUQKf3D7TnBAZ5qhbxd:b+pJ0lYixsfvDBAzK9d

Score

10^/10

cybergate latentbot remote discovery persistence trojan upx

Static task

static1

remote cybergate

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_f805c6334fd3c8ad238ee13009a29c9e.exe

Resource

win7-20240903-en

latentbot discovery persistence trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_f805c6334fd3c8ad238ee13009a29c9e.exe

Resource

win10v2004-20241007-en

latentbot discovery persistence trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.11.0 - Public Version

Botnet

remote

C2

PortalPollak.zapto.org:51636

Mutex

R72J284XNKF663

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
dir32.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Your operating system is not compatible with this file.
message_box_title
CyberGate
password
cybergate

Extracted

Family

latentbot

C2

PortalPollak.zapto.org

Targets

- Target
  
  JaffaCakes118_f805c6334fd3c8ad238ee13009a29c9e
- Size
  
  281KB
- MD5
  
  f805c6334fd3c8ad238ee13009a29c9e
- SHA1
  
  aa419557470d0880bc122eea03c13ee840027dbf
- SHA256
  
  2b5aa1d0de017fff07bb9844f2542b152691677596f61c1c7796b25515c1676a
- SHA512
  
  ba10204532b4dd2598e911f153fbb6bc74d2ff7dae9926023a8fe14a770a356373b7d7854e7d56203b34cbbe527af3b1c0c2036def8622a52470306d5e5e7fcf
- SSDEEP
  
  6144:ey+phnTwlTLfkixFUQKf3D7TnBAZ5qhbxd:b+pJ0lYixsfvDBAzK9d
Score

10^/10

latentbot discovery persistence trojan upx
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Latentbot family
  latentbot
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

remotecybergate

behavioral1

latentbotdiscoverypersistencetrojanupx

behavioral2

latentbotdiscoverypersistencetrojanupx

© 2018-2025

Terms | Privacy