cybergate | 20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9 | Triage

Submit
Reports

Overview

overview

Static

static

20fd7494ae...c9.exe

windows7-x64

8

20fd7494ae...c9.exe

windows10-2004-x64

Sharing

General

Target

20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9
Size

1.4MB
Sample

221002-jv1gmsega8
MD5

72a6654facc78bccf4b6c9cccc42009f
SHA1

136db819b268b912600c8929f5a1d8997fbb3af6
SHA256

20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9
SHA512

3c6c4e1ff288fcaf1d32463dfb5983138cf23c0565e254b71f3d4f1bb9ce72c96cc3e335c637abdf760a1e1f4067341d7958552901cec7d88c1d10a5fdb82835
SSDEEP

24576:3wNHiSwZQ11j1310o3l9gGhQOK0Znjq+Ini5+:MH19IOKcnOG5+

Score

10^/10

cybergate remote001 persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9.exe

Resource

win7-20220812-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9.exe

Resource

win10v2004-20220812-en

cybergate remote001 persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote001

C2

del.no-ip.info:3081

Mutex

5DM378843KGI1A

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
bug1.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
0624
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9
- Size
  
  1.4MB
- MD5
  
  72a6654facc78bccf4b6c9cccc42009f
- SHA1
  
  136db819b268b912600c8929f5a1d8997fbb3af6
- SHA256
  
  20fd7494aeb9aa2c7e05fb29d19244be0cdebd4c622ce0bbc8a970e1d4134ac9
- SHA512
  
  3c6c4e1ff288fcaf1d32463dfb5983138cf23c0565e254b71f3d4f1bb9ce72c96cc3e335c637abdf760a1e1f4067341d7958552901cec7d88c1d10a5fdb82835
- SSDEEP
  
  24576:3wNHiSwZQ11j1310o3l9gGhQOK0Znjq+Ini5+:MH19IOKcnOG5+
Score

10^/10

upx cybergate remote001 persistence stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

cybergateremote001persistencestealertrojanupx

© 2018-2025

Terms | Privacy