cybergate | 495b077aae031b219becd4bb8f0faa9ac32ddc3149a6c98f66786a907710397f | Triage

Sharing

General

Target

495b077aae031b219becd4bb8f0faa9ac32ddc3149a6c98f66786a907710397f
Size

1.1MB
Sample

221123-w3qnmadf63
MD5

53468cfccd41f5744b5550eb5a26634d
SHA1

a7cbb1e6e42c8360790909301a19edaf12452eb6
SHA256

495b077aae031b219becd4bb8f0faa9ac32ddc3149a6c98f66786a907710397f
SHA512

0f37f711e287b06ec436f43d78b9ecc9605b86bed9561d50f91a1f481bf178736cb577813b1722dfc6f423793c64627f5fb16299f5739d3e4edf9c32b266d162
SSDEEP

6144:qecUiFbXyGlXswee92tDXPNAsbo7+MEzOe37pG6S:qB5CofJ92BlTo7Njq7pG

Score

10^/10

cybergate victim stealer trojan

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

VICTIM

C2

omarion.no-ip.biz:82

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
Drivr
install_file
system23.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  495b077aae031b219becd4bb8f0faa9ac32ddc3149a6c98f66786a907710397f
- Size
  
  1.1MB
- MD5
  
  53468cfccd41f5744b5550eb5a26634d
- SHA1
  
  a7cbb1e6e42c8360790909301a19edaf12452eb6
- SHA256
  
  495b077aae031b219becd4bb8f0faa9ac32ddc3149a6c98f66786a907710397f
- SHA512
  
  0f37f711e287b06ec436f43d78b9ecc9605b86bed9561d50f91a1f481bf178736cb577813b1722dfc6f423793c64627f5fb16299f5739d3e4edf9c32b266d162
- SSDEEP
  
  6144:qecUiFbXyGlXswee92tDXPNAsbo7+MEzOe37pG6S:qB5CofJ92BlTo7Njq7pG
Score

10^/10

cybergate victim stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cybergatevictimstealertrojan

behavioral2