cybergate | ca88c3f15cb4aa9ccd0ae8a5e0f302e3c156ef50bfd43c362b5eeb1637e23a55 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...2e.exe

windows7-x64

JaffaCakes...2e.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_1cc838b42cf4315cb3e1ad1de69bce2e
Size

468KB
Sample

250124-bzjqpasrht
MD5

1cc838b42cf4315cb3e1ad1de69bce2e
SHA1

a3da7ad64527941fe4164a89c9f9f1fbac0a7049
SHA256

ca88c3f15cb4aa9ccd0ae8a5e0f302e3c156ef50bfd43c362b5eeb1637e23a55
SHA512

005aaf1c0e6803e3334d4e37b320500b0fc460440341af96915cadcc65955e9da9faecf023e50043b34a8372d96d4cee94a684bb4e9142d5311afbbc0e7e5010
SSDEEP

12288:5g5cn10gRYDKfcSOpzFNGnsWX7of/iq/5xwhUZPrA:ku3VoHiFuZPrA

Score

10^/10

cybergate antivirus newp2p discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_1cc838b42cf4315cb3e1ad1de69bce2e.exe

Resource

win7-20241010-en

cybergate antivirus newp2p discovery persistence stealer trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_1cc838b42cf4315cb3e1ad1de69bce2e.exe

Resource

win10v2004-20241007-en

cybergate antivirus newp2p discovery persistence stealer trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

antivirus NEWP2P

C2

teddypause.no-ip.org:6659

127.0.0.1:6659

Mutex

swgfndbfgvdwxtyntxn15yt4nxd

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./none/
ftp_interval
30
injected_process
svchost.exe
install_dir
system
install_file
ExplorerWindows.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
hedge
regkey_hkcu
ExplorerWindows
regkey_hklm
ExplorerWindows

Targets

- Target
  
  JaffaCakes118_1cc838b42cf4315cb3e1ad1de69bce2e
- Size
  
  468KB
- MD5
  
  1cc838b42cf4315cb3e1ad1de69bce2e
- SHA1
  
  a3da7ad64527941fe4164a89c9f9f1fbac0a7049
- SHA256
  
  ca88c3f15cb4aa9ccd0ae8a5e0f302e3c156ef50bfd43c362b5eeb1637e23a55
- SHA512
  
  005aaf1c0e6803e3334d4e37b320500b0fc460440341af96915cadcc65955e9da9faecf023e50043b34a8372d96d4cee94a684bb4e9142d5311afbbc0e7e5010
- SSDEEP
  
  12288:5g5cn10gRYDKfcSOpzFNGnsWX7of/iq/5xwhUZPrA:ku3VoHiFuZPrA
Score

10^/10

cybergate antivirus newp2p discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateantivirus newp2pdiscoverypersistencestealertrojanupx

behavioral2

cybergateantivirus newp2pdiscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy