cybergate | 6c0b16b56aaf396d98fd6fe549ca189ce8843293cda2821d144dfcf2940c3bba | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...85.exe

windows7-x64

JaffaCakes...85.exe

windows10-2004-x64

8

Sharing

General

Target

JaffaCakes118_2113a1d4477693a33344eceed14bcd85
Size

544KB
Sample

250223-qk6dgazps4
MD5

2113a1d4477693a33344eceed14bcd85
SHA1

f7f61e899ef61d2476a703597ca3a0ae8c7d46f0
SHA256

6c0b16b56aaf396d98fd6fe549ca189ce8843293cda2821d144dfcf2940c3bba
SHA512

8d35900a447b79b50a2f89dcf1b33b6902375d357138cbc1063082be6040cfaa1620d018c39d5b0e0271efe2fc6493ff00f0c9647c0fcb452ad71a5d622482c0
SSDEEP

12288:Gxskp77JzTJ7cpPcQbN+CtUnn1upivw3wg6LMt9Rqz7sw:Fs1T1cp/p+CIn1yq7gCOqkw

Score

10^/10

cybergate cyber discovery persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_2113a1d4477693a33344eceed14bcd85.exe

Resource

win7-20241010-en

cybergate cyber discovery persistence stealer trojan upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_2113a1d4477693a33344eceed14bcd85.exe

Resource

win10v2004-20250217-en

discovery persistence upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Cyber

C2

tfmclient.zapto.org:100

Mutex

1J56IIJ8774V7N

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinDir
install_file
Svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  JaffaCakes118_2113a1d4477693a33344eceed14bcd85
- Size
  
  544KB
- MD5
  
  2113a1d4477693a33344eceed14bcd85
- SHA1
  
  f7f61e899ef61d2476a703597ca3a0ae8c7d46f0
- SHA256
  
  6c0b16b56aaf396d98fd6fe549ca189ce8843293cda2821d144dfcf2940c3bba
- SHA512
  
  8d35900a447b79b50a2f89dcf1b33b6902375d357138cbc1063082be6040cfaa1620d018c39d5b0e0271efe2fc6493ff00f0c9647c0fcb452ad71a5d622482c0
- SSDEEP
  
  12288:Gxskp77JzTJ7cpPcQbN+CtUnn1upivw3wg6LMt9Rqz7sw:Fs1T1cp/p+CIn1yq7gCOqkw
Score

10^/10

cybergate cyber discovery persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Cybergate family
  cybergate
- Adds policy Run key to start application
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergatecyberdiscoverypersistencestealertrojanupx

behavioral2

discoverypersistenceupx

© 2018-2025

Terms | Privacy