General

  • Target

    117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7

  • Size

    746KB

  • Sample

    220604-d7xcvscefr

  • MD5

    873a8ec82e58f7917a214c2db6261c4a

  • SHA1

    aa1202e05bedc59846904c73604317c7964d022c

  • SHA256

    117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7

  • SHA512

    bd4f9bb6870e3adea7a136412751898d407e71e606143073a9e2ce66f56034dc83a0dae04b83c05319a729140b41b57dce37312eb245053ebbda41b4b59f3fee

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

test1231.no-ip.info:6666

Mutex

3434347434554723

Attributes

  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • install_dir

    Windows NT

  • install_file

    svchost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

  • regkey_hkcu

    HKCU

Targets

    • Target

      117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7

    • Size

      746KB

    • MD5

      873a8ec82e58f7917a214c2db6261c4a

    • SHA1

      aa1202e05bedc59846904c73604317c7964d022c

    • SHA256

      117cb3a08ff121b7aad65806bef83b64bb5f80da79795f361d82049ab8a971d7

    • SHA512

      bd4f9bb6870e3adea7a136412751898d407e71e606143073a9e2ce66f56034dc83a0dae04b83c05319a729140b41b57dce37312eb245053ebbda41b4b59f3fee

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks