General

  • Target

    e43af533c291559f4b6507521659585d9128a82c15ca2533593fbddd7366a8d9

  • Size

    799KB

  • Sample

    221106-hxl7csbfeq

  • MD5

    0a96e4f9d8439f6b06017bc0dc37e381

  • SHA1

    f2bae85567af84006cbffd58cacb0d8a47150cc9

  • SHA256

    e43af533c291559f4b6507521659585d9128a82c15ca2533593fbddd7366a8d9

  • SHA512

    b84c902bf7b968a911c70731401c04a7f3041604bc66cba8d2cca695b803f2512fb147b5bc47108d6323e7c084e7bfdca0a6718bdbff255ae1d78a3d38f6d41c

  • SSDEEP

    24576:1aGWYMCoXl3nmBJVzOMrIrkVFhB5TIFd5zd:1vWQo1320/rkGFp

Malware Config

Targets

    • Target

      e43af533c291559f4b6507521659585d9128a82c15ca2533593fbddd7366a8d9

    • Size

      799KB

    • MD5

      0a96e4f9d8439f6b06017bc0dc37e381

    • SHA1

      f2bae85567af84006cbffd58cacb0d8a47150cc9

    • SHA256

      e43af533c291559f4b6507521659585d9128a82c15ca2533593fbddd7366a8d9

    • SHA512

      b84c902bf7b968a911c70731401c04a7f3041604bc66cba8d2cca695b803f2512fb147b5bc47108d6323e7c084e7bfdca0a6718bdbff255ae1d78a3d38f6d41c

    • SSDEEP

      24576:1aGWYMCoXl3nmBJVzOMrIrkVFhB5TIFd5zd:1vWQo1320/rkGFp

    • CyberGate, Rebhip

      CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    • Adds policy Run key to start application

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks