General
-
Target
b5820955e9e488312bd1d6787e55aa0310adbe0108bca90a98c8678c9182ea62
-
Size
3.1MB
-
Sample
221123-l1b3cacg44
-
MD5
713f0e4f5d1d025eb5a2feb578520767
-
SHA1
34873086330b0c142a1bc56986c3a883027aba01
-
SHA256
b5820955e9e488312bd1d6787e55aa0310adbe0108bca90a98c8678c9182ea62
-
SHA512
087e9d556da525269bc5daf793d355951cb69e0e17728c51294d7769a72b232a9014a84c03afae6c6bbdb2e05ba211f02b3526d34e502cb06d33e65c848b7326
-
SSDEEP
98304:xtrbTA1GBYx/sEkmgEHiTx72blrCXDgYXY66FiN:jc1mYWEkmgECZ2blrCXDgYX68N
Malware Config
Extracted
cybergate
v3.4.2.2
NEW
joujounette974.ddns.net:8027
8LO785716L517K
-
enable_keylogger
true
-
enable_message_box
false
-
ftp_directory
./logs
-
ftp_interval
30
-
injected_process
explorer.exe
-
install_dir
install
-
install_file
server.exe
-
install_flag
false
-
keylogger_enable_ftp
false
-
message_box_caption
Remote Administration anywhere in the world.
-
message_box_title
CyberGate
-
password
123456
Targets
-
-
Target
b5820955e9e488312bd1d6787e55aa0310adbe0108bca90a98c8678c9182ea62
-
Size
3.1MB
-
MD5
713f0e4f5d1d025eb5a2feb578520767
-
SHA1
34873086330b0c142a1bc56986c3a883027aba01
-
SHA256
b5820955e9e488312bd1d6787e55aa0310adbe0108bca90a98c8678c9182ea62
-
SHA512
087e9d556da525269bc5daf793d355951cb69e0e17728c51294d7769a72b232a9014a84c03afae6c6bbdb2e05ba211f02b3526d34e502cb06d33e65c848b7326
-
SSDEEP
98304:xtrbTA1GBYx/sEkmgEHiTx72blrCXDgYXY66FiN:jc1mYWEkmgECZ2blrCXDgYX68N
Score10/10-
CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
-
Modifies WinLogon for persistence
-
Adds policy Run key to start application
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-