cybergate | d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae | Triage

Submit
Reports

Overview

overview

Static

static

d9f3b1c1c7...ae.exe

windows7-x64

d9f3b1c1c7...ae.exe

windows10-2004-x64

Sharing

General

Target

d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae
Size

503KB
Sample

221020-jwlpwaceeq
MD5

80a46e98cfa4fc8d93fdb5ab42913e8e
SHA1

840c5193fd1d1569db809db8081f3c3a40928727
SHA256

d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae
SHA512

264134075a3830d8058564f0effe3ca86decf3e9bbb54472a79fe028bb7427dafb19bbaf465a5dc6aa326bdb59b496d1ce1fad0cee646332c686da3116533e20
SSDEEP

12288:uFXS2fxugbRlyVL8wsjSo82v4MhCUMEOs3fDN8s3zAwqL/5No:XCHUgqoh9Oi58tNo

Score

10^/10

cybergate h persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae.exe

Resource

win7-20220812-en

cybergate h persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae.exe

Resource

win10v2004-20220812-en

cybergate h persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

h

C2

rushaan.no-ip.org:80

127.0.0.1:80

127.0.0.1:100

Mutex

8TAV3B23760774

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
kernel
install_file
svhost
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
9425012255

Targets

- Target
  
  d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae
- Size
  
  503KB
- MD5
  
  80a46e98cfa4fc8d93fdb5ab42913e8e
- SHA1
  
  840c5193fd1d1569db809db8081f3c3a40928727
- SHA256
  
  d9f3b1c1c711bf673104d56810d4b1da201d80380d416702cd8f4e756d4f8eae
- SHA512
  
  264134075a3830d8058564f0effe3ca86decf3e9bbb54472a79fe028bb7427dafb19bbaf465a5dc6aa326bdb59b496d1ce1fad0cee646332c686da3116533e20
- SSDEEP
  
  12288:uFXS2fxugbRlyVL8wsjSo82v4MhCUMEOs3fDN8s3zAwqL/5No:XCHUgqoh9Oi58tNo
Score

10^/10

cybergate h persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatehpersistencestealertrojanupx

behavioral2

cybergatehpersistencestealertrojanupx

© 2018-2024

Terms | Privacy