cybergate | ee848bf8c10c176bdf8d4dbe9d8920593d9885cd41c94240d402f755f7b34249 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...e5.exe

windows7-x64

JaffaCakes...e5.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_1214afafcee8892ff70e343735f4fee5
Size

1.4MB
Sample

250122-3zmacssqhk
MD5

1214afafcee8892ff70e343735f4fee5
SHA1

b7442537012366b950cb57e6785e3c1b44b29ff9
SHA256

ee848bf8c10c176bdf8d4dbe9d8920593d9885cd41c94240d402f755f7b34249
SHA512

0e49c4d90526a94177a4d36f7b428550858e6af3c5a4d7a0e8429c6b9ebf5ce6c3c8aa792d4a6553a704455341abffb5c77258788109ac7d24743a4d4fe4caf5
SSDEEP

24576:hyfHSRuEnbk44eYRko9WEefpHDDO0YP77sVz3whMXPiVFjEWlP9:1uOb34zk4WEeflCF7sVri6Pi7l1

Score

10^/10

cybergate sys discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_1214afafcee8892ff70e343735f4fee5.exe

Resource

win7-20240903-en

cybergate sys discovery persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_1214afafcee8892ff70e343735f4fee5.exe

Resource

win10v2004-20241007-en

cybergate sys discovery persistence stealer trojan upx

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

sys

C2

modym.no-ip.org:8246

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
DXvi
install_file
system..exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
application software can run on a 64-bit operating system
message_box_title
Java!
password
123123
regkey_hkcu
sys

Targets

- Target
  
  JaffaCakes118_1214afafcee8892ff70e343735f4fee5
- Size
  
  1.4MB
- MD5
  
  1214afafcee8892ff70e343735f4fee5
- SHA1
  
  b7442537012366b950cb57e6785e3c1b44b29ff9
- SHA256
  
  ee848bf8c10c176bdf8d4dbe9d8920593d9885cd41c94240d402f755f7b34249
- SHA512
  
  0e49c4d90526a94177a4d36f7b428550858e6af3c5a4d7a0e8429c6b9ebf5ce6c3c8aa792d4a6553a704455341abffb5c77258788109ac7d24743a4d4fe4caf5
- SSDEEP
  
  24576:hyfHSRuEnbk44eYRko9WEefpHDDO0YP77sVz3whMXPiVFjEWlP9:1uOb34zk4WEeflCF7sVri6Pi7l1
Score

10^/10

cybergate sys discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatesysdiscoverypersistencestealertrojanupx

behavioral2

cybergatesysdiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy