cybergate | 7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5 | Triage

Submit
Reports

Overview

overview

Static

static

7e4f90dc3c...e5.exe

windows7-x64

7e4f90dc3c...e5.exe

windows10-2004-x64

Sharing

General

Target

7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5
Size

274KB
Sample

221123-vta15sch3s
MD5

4526bbbfaec31f5ae5cc93b932717f6b
SHA1

2ec01313ab871f910f2d9fc066ff116dbc9582ea
SHA256

7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5
SHA512

468cf546cda7069e970202cd3736d142a71eb353fc679292c131fe4a1512d24a85cd7264b9b1bc20066bb552778cc00ed402c6484d0cdf2356099752b8687812
SSDEEP

6144:8MISq3LUYsnh1fUV1IFvlhGnd7fPWXtXuv:8bdbUYAeVolha7feXtXuv

Score

10^/10

cybergate test2 persistence stealer trojan upx

Static task

static1

upx test2 cybergate

2 signatures

Behavioral task

behavioral1

Sample

7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5.exe

Resource

win7-20220812-en

cybergate test2 persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5.exe

Resource

win10v2004-20221111-en

cybergate test2 persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

test2

C2

127.0.0.1:83

jembotcok.no-ip.biz:83

192.168.0.1:83

192.168.0.15:83

Mutex

K4U85V8H0G3Q5S

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
svchost.exe
install_dir
temp
install_file
vchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
juv3ntus
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5
- Size
  
  274KB
- MD5
  
  4526bbbfaec31f5ae5cc93b932717f6b
- SHA1
  
  2ec01313ab871f910f2d9fc066ff116dbc9582ea
- SHA256
  
  7e4f90dc3ccabd1a62488fe8101457269b702f993cc791946399a42197d46de5
- SHA512
  
  468cf546cda7069e970202cd3736d142a71eb353fc679292c131fe4a1512d24a85cd7264b9b1bc20066bb552778cc00ed402c6484d0cdf2356099752b8687812
- SSDEEP
  
  6144:8MISq3LUYsnh1fUV1IFvlhGnd7fPWXtXuv:8bdbUYAeVolha7feXtXuv
Score

10^/10

cybergate test2 persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxtest2cybergate

behavioral1

cybergatetest2persistencestealertrojanupx

behavioral2

cybergatetest2persistencestealertrojanupx

© 2018-2024

Terms | Privacy