Overview

overview

10

Static

static

8

23B164D8C4...33.exe

windows7_x64

10

23B164D8C4...33.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    23B164D8C48B45A03A7E80640E53A233.exe

  • Size

    312KB

  • Sample

    210506-6y2357nq86

  • MD5

    23b164d8c48b45a03a7e80640e53a233

  • SHA1

    0a2e835662940927e63d510e955839e4ffdf0b69

  • SHA256

    70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51

  • SHA512

    91bc27fb283068a358986c03be925404f2eac56016da52c99cf3df519dbadb08d52f83b5ea654cd39d6b56c8bc2e3cf1b6306e98167d7c4facd22fcc298ac7fb

Score
10/10
cybergatepersistencestealertrojanupx

Malware Config

Targets

    • Target

      23B164D8C48B45A03A7E80640E53A233.exe

    • Size

      312KB

    • MD5

      23b164d8c48b45a03a7e80640e53a233

    • SHA1

      0a2e835662940927e63d510e955839e4ffdf0b69

    • SHA256

      70a9324fd74829cb87228210962e4b68747f6203b4de74e061d67fc4b7f5da51

    • SHA512

      91bc27fb283068a358986c03be925404f2eac56016da52c99cf3df519dbadb08d52f83b5ea654cd39d6b56c8bc2e3cf1b6306e98167d7c4facd22fcc298ac7fb

    Score
    10/10
    cybergatepersistencestealertrojanupx

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

      trojanstealercybergate

    • Adds policy Run key to start application

      persistence

    • Executes dropped EXE

    • Modifies Installed Components in the registry

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

3
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks