cybergate | 02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289 | Triage

Submit
Reports

Overview

overview

Static

static

02c63c0cce...89.exe

windows7-x64

02c63c0cce...89.exe

windows10-2004-x64

Sharing

General

Target

02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289
Size

365KB
Sample

221122-zespvsbf8x
MD5

0a7937c722a563063e1f667ee123b363
SHA1

bc4d67d9bd19ea2c1be729f64092aab77c5a0380
SHA256

02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289
SHA512

6e5727ecbdf5596d5391c39a478ea54c123d22cb5adedb54f44d61a0f835dcc9611030ee6cf41b1d3a580fc51aa929f86c42588f3e7a81ad4a2f0b08cb3029d7
SSDEEP

6144:Rk4qms9F4JHZo4X55SxHg/DBK6x1QRorjChcf/5G3EnbJduZsG/WUQTpS7eNZFY/:G95F4JTkxk+8Q2GUbL0DW3dS7eNLY/

Score

10^/10

cybergate victima persistence stealer trojan upx

Static task

static1

upx victima cybergate

2 signatures

Behavioral task

behavioral1

Sample

02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289.exe

Resource

win7-20220812-en

cybergate victima persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289.exe

Resource

win10v2004-20221111-en

cybergate victima persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Victima

C2

frank1un12.sytes.net:4321

Mutex

***xxMUTEXxx***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
System_Installer
install_file
System32
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
jak123
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289
- Size
  
  365KB
- MD5
  
  0a7937c722a563063e1f667ee123b363
- SHA1
  
  bc4d67d9bd19ea2c1be729f64092aab77c5a0380
- SHA256
  
  02c63c0cce1e060680336a9568e4c2fa909278cb3bb8268bc73d2a7a7afe9289
- SHA512
  
  6e5727ecbdf5596d5391c39a478ea54c123d22cb5adedb54f44d61a0f835dcc9611030ee6cf41b1d3a580fc51aa929f86c42588f3e7a81ad4a2f0b08cb3029d7
- SSDEEP
  
  6144:Rk4qms9F4JHZo4X55SxHg/DBK6x1QRorjChcf/5G3EnbJduZsG/WUQTpS7eNZFY/:G95F4JTkxk+8Q2GUbL0DW3dS7eNLY/
Score

10^/10

cybergate victima persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxvictimacybergate

behavioral1

cybergatevictimapersistencestealertrojanupx

behavioral2

cybergatevictimapersistencestealertrojanupx

© 2018-2024

Terms | Privacy