cybergate | af783bdb90245836483b385826baeedbf948f0f547e8d872c45177ced4cbf5dd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

af783bdb90245836483b385826baeedbf948f0f547e8d872c45177ced4cbf5dd
Size

308KB
Sample

221020-yfm1bscad7
MD5

a02e999f6aec99fdc0a6e63cf835bee0
SHA1

1513a1088a79bf5afac7a3afeb99c39bc6ea1ea8
SHA256

af783bdb90245836483b385826baeedbf948f0f547e8d872c45177ced4cbf5dd
SHA512

a9ff32174c1d9136cfdc30cce4a1d385849fa33a08701586c6829a981583fbed531b1f513137d01f16ea7a83e54a872bfd52d697cfb61d01101e4a9283bf634e
SSDEEP

6144:sd77UGb3ir2GKWvrTyfzbvUun7ZLgI4l47twzHa/K38Py9:sd7gs3ir2G3DT8zb3ZLa47tka/K38

Score

10^/10

cybergate vítima stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

vítima

C2

bazooka.no-ip.org:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
dllx.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
#12fga14.dll est introuvable!
message_box_title
information !!!!
password
abcd1234
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  af783bdb90245836483b385826baeedbf948f0f547e8d872c45177ced4cbf5dd
- Size
  
  308KB
- MD5
  
  a02e999f6aec99fdc0a6e63cf835bee0
- SHA1
  
  1513a1088a79bf5afac7a3afeb99c39bc6ea1ea8
- SHA256
  
  af783bdb90245836483b385826baeedbf948f0f547e8d872c45177ced4cbf5dd
- SHA512
  
  a9ff32174c1d9136cfdc30cce4a1d385849fa33a08701586c6829a981583fbed531b1f513137d01f16ea7a83e54a872bfd52d697cfb61d01101e4a9283bf634e
- SSDEEP
  
  6144:sd77UGb3ir2GKWvrTyfzbvUun7ZLgI4l47twzHa/K38Py9:sd7gs3ir2G3DT8zb3ZLa47tka/K38
Score

10^/10

cybergate vítima stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cybergatevítimastealertrojan

behavioral2

cybergatevítimastealertrojan