cybergate | 7e7ae948f4baff0c49d6fd78895f9b0b0fb37966292635ee26498582b1883994

Sharing

Copy URL

Twitter E-mail

General

Target

1ce5a4c7d5dadcc57da9d0254ed57573_JaffaCakes118
Size

566KB
Sample

240701-3bxq7awejh
MD5

1ce5a4c7d5dadcc57da9d0254ed57573
SHA1

67150925278670d4928e40ff8f91bcc20c24a4f5
SHA256

7e7ae948f4baff0c49d6fd78895f9b0b0fb37966292635ee26498582b1883994
SHA512

ea9205c3ef0043c85e4ac80da411116288ab224806fd8d612832811de29fa0c54de9cb6762afda60e81271e38906d0fbddac2bd63aaa0e07419da6b793a6f35f
SSDEEP

12288:5auprIKAIK1lmSpsZ6ajrbIF31FiSvsIU5VauZgYmvj:5nprz3K1lmSyrjq1FvsIU5VaIZE

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Flex

fatville.no-ip.org:1338

farmville54321.zapto.org:1338

bluecar.myvnc.com:27020

bluecar.no-ip.org:27020

bluecar.sytes.net:27020

Mutex

SUUP76A060008K

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
vetikke456

Extracted

Family

latentbot

farmville54321.zapto.org

Targets

- Target
  
  1ce5a4c7d5dadcc57da9d0254ed57573_JaffaCakes118
- Size
  
  566KB
- MD5
  
  1ce5a4c7d5dadcc57da9d0254ed57573
- SHA1
  
  67150925278670d4928e40ff8f91bcc20c24a4f5
- SHA256
  
  7e7ae948f4baff0c49d6fd78895f9b0b0fb37966292635ee26498582b1883994
- SHA512
  
  ea9205c3ef0043c85e4ac80da411116288ab224806fd8d612832811de29fa0c54de9cb6762afda60e81271e38906d0fbddac2bd63aaa0e07419da6b793a6f35f
- SSDEEP
  
  12288:5auprIKAIK1lmSpsZ6ajrbIF31FiSvsIU5VauZgYmvj:5nprz3K1lmSyrjq1FvsIU5VaIZE
Score

10^/10

cybergate latentbot flex stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- LatentBot
  Modular trojan written in Delphi which has been in-the-wild since 2013.
  trojan latentbot
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

CyberGate, Rebhip

LatentBot

Executes dropped EXE

Loads dropped DLL

UPX packed file

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2