cybergate | 7df197c7be62b676271ce9772735293ad4a6587ffb7c1539346f09a2d20d6306 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...2d.exe

windows7-x64

JaffaCakes...2d.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_07cbe440dfab0acb7ad909be92a9ec2d
Size

424KB
Sample

250121-1t6eyatlam
MD5

07cbe440dfab0acb7ad909be92a9ec2d
SHA1

33831ca4be214415c0b35631236a3171422f4852
SHA256

7df197c7be62b676271ce9772735293ad4a6587ffb7c1539346f09a2d20d6306
SHA512

35b6808ff09f384ecbd01d5d0d3dba47ef2afdcc14d575a4f648027b9fd4b958806de72323cf1a5d2e0b7361ae948cf01233cb03745c5686b8e48d5b380a47fa
SSDEEP

6144:+k9L5merIUkr86dKuvFHbhUwEFdDLgnXfoWS178+0xpfzDVlb00:hV8wHkr86dK9wE3UnvoN0xJ30

Score

10^/10

cybergate hose discovery persistence stealer trojan upx

Static task

static1

upx hose cybergate

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_07cbe440dfab0acb7ad909be92a9ec2d.exe

Resource

win7-20241023-en

cybergate hose discovery persistence stealer trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_07cbe440dfab0acb7ad909be92a9ec2d.exe

Resource

win10v2004-20241007-en

cybergate hose discovery persistence stealer trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.5

Botnet

hose

C2

127.0.0.1:81

94.25.205.106:81

188.162.83.119:82

188.162.83.119:8080

Mutex

***MUTEX***

Attributes

enable_keylogger
false
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_file
ins128.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Ïðîãðàììà âûïîëíèëà íåäîïóñòèìóþ îïïåðàöèþ è áóäåò çàêðûòà.
message_box_title
Îøèáêà 32õ0012
password
volk

Targets

- Target
  
  JaffaCakes118_07cbe440dfab0acb7ad909be92a9ec2d
- Size
  
  424KB
- MD5
  
  07cbe440dfab0acb7ad909be92a9ec2d
- SHA1
  
  33831ca4be214415c0b35631236a3171422f4852
- SHA256
  
  7df197c7be62b676271ce9772735293ad4a6587ffb7c1539346f09a2d20d6306
- SHA512
  
  35b6808ff09f384ecbd01d5d0d3dba47ef2afdcc14d575a4f648027b9fd4b958806de72323cf1a5d2e0b7361ae948cf01233cb03745c5686b8e48d5b380a47fa
- SSDEEP
  
  6144:+k9L5merIUkr86dKuvFHbhUwEFdDLgnXfoWS178+0xpfzDVlb00:hV8wHkr86dK9wE3UnvoN0xJ30
Score

10^/10

cybergate hose discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

upxhosecybergate

behavioral1

cybergatehosediscoverypersistencestealertrojanupx

behavioral2

cybergatehosediscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy