General

  • Target

    18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db

  • Size

    176KB

  • Sample

    220608-tfz8faeffl

  • MD5

    1a3316cd329b3b7f8e64ea9203c8cf46

  • SHA1

    33a72864ea30f5405d087084302f004683e66847

  • SHA256

    18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db

  • SHA512

    9ff48fc06f201d0f050e45ce5ad01d4c3c16bce8ac46d969aec92e3a5d64d5d31b3f8d9da9d1bfaa16419970a4c14cca16d7f4849db0b11c139d49841d90a9f9

Malware Config

Extracted

Family

cybergate

Version

2.2

Botnet

vítima

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    texto da mensagem

  • message_box_title

    título da mensagem

  • password

    abcd1234

Targets

    • Target

      18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db

    • Size

      176KB

    • MD5

      1a3316cd329b3b7f8e64ea9203c8cf46

    • SHA1

      33a72864ea30f5405d087084302f004683e66847

    • SHA256

      18cb8446df56da23dad9484a921d21e3f494f54a494e1b8140d0e3a6079648db

    • SHA512

      9ff48fc06f201d0f050e45ce5ad01d4c3c16bce8ac46d969aec92e3a5d64d5d31b3f8d9da9d1bfaa16419970a4c14cca16d7f4849db0b11c139d49841d90a9f9

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v6

Tasks