cybergate | 42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f | Triage

Submit
Reports

Overview

overview

Static

static

42e067befc...5f.exe

windows7_x64

42e067befc...5f.exe

windows10_x64

Sharing

General

Target

42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
Size

428KB
Sample

220130-bjyvnscdgk
MD5

dd0965b9bb4d8fa833b59ab41b405c0b
SHA1

b9ca6f8b25ffd8fa66194fc826037d667039e830
SHA256

42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
SHA512

d617eac8f1d4d18101e5844f9c5fd1113dc7a63e254721c0b7e170e44d13f7015e08a34f25677faeeb0b924aebded2a3d0ed2ad764cb8cda26f50db0b97b7353

Score

10^/10

cybergate victem persistence stealer trojan upx

Static task

static1

victem cybergate

Behavioral task

behavioral1

Sample

42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f.exe

Resource

win7-en-20211208

cybergate victem persistence stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f.exe

Resource

win10-en-20211208

cybergate victem persistence stealer trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

VicTeM

C2

31.9.48.84:82

31.9.48.84:999

Mutex

1B05SV4C37885F

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./htdocs
ftp_interval
30
ftp_password
678494
ftp_port
21
ftp_server
ftp.eb2a.com
ftp_username
eb2a_13865594
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
963963
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
- Size
  
  428KB
- MD5
  
  dd0965b9bb4d8fa833b59ab41b405c0b
- SHA1
  
  b9ca6f8b25ffd8fa66194fc826037d667039e830
- SHA256
  
  42e067befc7d3493834802bb28318a65592b7b3aeeb3f34759dea0b2e9b1815f
- SHA512
  
  d617eac8f1d4d18101e5844f9c5fd1113dc7a63e254721c0b7e170e44d13f7015e08a34f25677faeeb0b924aebded2a3d0ed2ad764cb8cda26f50db0b97b7353
Score

10^/10

cybergate victem persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

victemcybergate

behavioral1

cybergatevictempersistencestealertrojanupx

behavioral2

cybergatevictempersistencestealertrojanupx

© 2018-2024

Terms | Privacy