General
-
Target
140016ea1772b4873fd10c2d513eee77af669b8f932f88d64a5a7ed8ddc7cd46
-
Size
785KB
-
Sample
221003-bzs95aagd3
-
MD5
6f1fd73f65115d25d87c44984cc96ccc
-
SHA1
2b4bbed74ce96ddbc74f31b948d027465c92ee8f
-
SHA256
140016ea1772b4873fd10c2d513eee77af669b8f932f88d64a5a7ed8ddc7cd46
-
SHA512
6af3c3abd3794a4678ea1e6eebef6f04824941186a9f909a13cad52a62c8f1cb2a8f118976af46c521b754de398cd0a3e55666881bc3204ebb76bc5f8b108dad
-
SSDEEP
12288:NbSlIRDqKlYNAcvib0LKqn5VXky4mvK0DuIGxJ55EeuNgSHBbonvhqMmHH988R:ZS6RevcR4P9Duv75cmSynZqMq
Malware Config
Targets
-
-
Target
140016ea1772b4873fd10c2d513eee77af669b8f932f88d64a5a7ed8ddc7cd46
-
Size
785KB
-
MD5
6f1fd73f65115d25d87c44984cc96ccc
-
SHA1
2b4bbed74ce96ddbc74f31b948d027465c92ee8f
-
SHA256
140016ea1772b4873fd10c2d513eee77af669b8f932f88d64a5a7ed8ddc7cd46
-
SHA512
6af3c3abd3794a4678ea1e6eebef6f04824941186a9f909a13cad52a62c8f1cb2a8f118976af46c521b754de398cd0a3e55666881bc3204ebb76bc5f8b108dad
-
SSDEEP
12288:NbSlIRDqKlYNAcvib0LKqn5VXky4mvK0DuIGxJ55EeuNgSHBbonvhqMmHH988R:ZS6RevcR4P9Duv75cmSynZqMq
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Adds policy Run key to start application
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-