cybergate | fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2 | Triage

Submit
Reports

Overview

overview

Static

static

fcb91adb32...f2.exe

windows7-x64

fcb91adb32...f2.exe

windows10-2004-x64

8

Sharing

General

Target

fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2
Size

340KB
Sample

221003-1y7hsshdf7
MD5

44af810b833a49cc051fa256db903260
SHA1

04cbf8b8281e87cd4c36c3475308b64d51ee2f33
SHA256

fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2
SHA512

0d6ebcb258892b3f2a6dbc498a7ff8ceddc9a4d8be7b070b9efcdb5121b263b9ccd847ee2795f731c65ee9d306b5af8d483743fd64dcd87130365102a255e423
SSDEEP

6144:bgxHtTfQTb6xphJAfJd/t/miD2c+ie3lpnnQAawmLzNuOttMkKuqIYF:mSb6xp7ITEiqczknQAawmvlttMkpqIYF

Score

10^/10

cybergate chrome persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2.exe

Resource

win7-20220812-en

cybergate chrome persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Chrome

C2

glauco69.no-ip.org:7000

Mutex

VCK7S4BUCQR60D

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Win32
install_file
chrome.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
1234567
regkey_hkcu
Skype
regkey_hklm
Windows

Targets

- Target
  
  fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2
- Size
  
  340KB
- MD5
  
  44af810b833a49cc051fa256db903260
- SHA1
  
  04cbf8b8281e87cd4c36c3475308b64d51ee2f33
- SHA256
  
  fcb91adb326f966afcd8d5febf4018d7cbabec1edbf188d71d49c19e8a9a9cf2
- SHA512
  
  0d6ebcb258892b3f2a6dbc498a7ff8ceddc9a4d8be7b070b9efcdb5121b263b9ccd847ee2795f731c65ee9d306b5af8d483743fd64dcd87130365102a255e423
- SSDEEP
  
  6144:bgxHtTfQTb6xphJAfJd/t/miD2c+ie3lpnnQAawmLzNuOttMkKuqIYF:mSb6xp7ITEiqczknQAawmvlttMkpqIYF
Score

10^/10

cybergate chrome persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatechromepersistencestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy