cybergate | 59d52d48e0f04a9081dba51212e5d26409b23697b0d62e767ba80a6e9c49ef69 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...13.exe

windows10-2004-x64

7

Sharing

General

Target

JaffaCakes118_ac09a51fe6bc6c78dd314d5eea880f13
Size

281KB
Sample

250410-3kvcesvwgy
MD5

ac09a51fe6bc6c78dd314d5eea880f13
SHA1

34a83ec9629a3f4a74511acb29ca3c566e5db6ab
SHA256

59d52d48e0f04a9081dba51212e5d26409b23697b0d62e767ba80a6e9c49ef69
SHA512

61c03317ae6e04a2fd1ddbf8043b825c88cea037d2cd4d56ec1ad8c0348461d70d538cfec5fd848cb4270e045f72c94287b4fafa211b55ac3e4005ee7f124f6f
SSDEEP

6144:+y+phkTwlTLfkixFUQKf3D7TnBAZ5qhbxF:7+pu0lYixsfvDBAzK9F

Score

10^/10

cybergate remote discovery upx

Static task

static1

remote cybergate

2 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_ac09a51fe6bc6c78dd314d5eea880f13.exe

Resource

win10v2004-20250410-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.11.0 - Public Version

Botnet

remote

C2

127.0.0.1:13347

Mutex

QPM05DPQO8K1T3

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
CG2server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world. PWNED
message_box_title
CyberGate
password
root

Targets

- Target
  
  JaffaCakes118_ac09a51fe6bc6c78dd314d5eea880f13
- Size
  
  281KB
- MD5
  
  ac09a51fe6bc6c78dd314d5eea880f13
- SHA1
  
  34a83ec9629a3f4a74511acb29ca3c566e5db6ab
- SHA256
  
  59d52d48e0f04a9081dba51212e5d26409b23697b0d62e767ba80a6e9c49ef69
- SHA512
  
  61c03317ae6e04a2fd1ddbf8043b825c88cea037d2cd4d56ec1ad8c0348461d70d538cfec5fd848cb4270e045f72c94287b4fafa211b55ac3e4005ee7f124f6f
- SSDEEP
  
  6144:+y+phkTwlTLfkixFUQKf3D7TnBAZ5qhbxF:7+pu0lYixsfvDBAzK9F
Score

7^/10

discovery upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

remotecybergate

behavioral1

© 2018-2025

Terms | Privacy