cybergate | ea2780228052237083b0b15544c2549ca27a69b12e94308cba345805cbb32e9c | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...5a.exe

windows7-x64

JaffaCakes...5a.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_355076449b1d7b1664f9125c446ee75a
Size

529KB
Sample

250126-n7tl3sskdr
MD5

355076449b1d7b1664f9125c446ee75a
SHA1

4048b9a06d6e38284e0e0e1f5bc994c114b3757e
SHA256

ea2780228052237083b0b15544c2549ca27a69b12e94308cba345805cbb32e9c
SHA512

88f8525a6d4454d879571b4ba70e10e92a958523dd2d2429b31937d2601ea8432668b3cd58d80d59e8ff9aef260d1a66335cc42c497c1e555619da46a3b34e4a
SSDEEP

12288:wv4o6FquTh9rzofE9T/BywXZ/kH0EzIuq:8xla/19DXZkH0EMuq

Score

10^/10

cybergate discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_355076449b1d7b1664f9125c446ee75a.exe

Resource

win7-20240903-en

cybergate discovery persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_355076449b1d7b1664f9125c446ee75a.exe

Resource

win10v2004-20241007-en

cybergate discovery persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_355076449b1d7b1664f9125c446ee75a
- Size
  
  529KB
- MD5
  
  355076449b1d7b1664f9125c446ee75a
- SHA1
  
  4048b9a06d6e38284e0e0e1f5bc994c114b3757e
- SHA256
  
  ea2780228052237083b0b15544c2549ca27a69b12e94308cba345805cbb32e9c
- SHA512
  
  88f8525a6d4454d879571b4ba70e10e92a958523dd2d2429b31937d2601ea8432668b3cd58d80d59e8ff9aef260d1a66335cc42c497c1e555619da46a3b34e4a
- SSDEEP
  
  12288:wv4o6FquTh9rzofE9T/BywXZ/kH0EzIuq:8xla/19DXZkH0EMuq
Score

10^/10

cybergate discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatediscoverypersistencestealertrojanupx

behavioral2

cybergatediscoverypersistencestealertrojanupx

© 2018-2025

Terms | Privacy