cybergate | 74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c | Triage

Submit
Reports

Overview

overview

Static

static

74b282a44f...8c.exe

windows7-x64

74b282a44f...8c.exe

windows10-2004-x64

Sharing

General

Target

74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c
Size

543KB
Sample

221124-mcaeaaba8y
MD5

84612233d33318568a3cccececa3f807
SHA1

7f8bbe325854c7e760d02003ab555c7a25776683
SHA256

74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c
SHA512

6b788021a45e0a1da5d3fa7e8e4c5a60b578bf0678ebb75f23591d162c7caf295532240e06765b948032f9d809564863d0d2712984e37d8a3832dbc3e0fe8560
SSDEEP

12288:YSFT9HXzy4NgSOuqKL8IeRQzPer6SqAtLtjDEM61l8Yw:YSrV0uqKL8IFir6SLL9DJUl8

Score

10^/10

cybergate levieux100 persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c.exe

Resource

win7-20220901-en

cybergate levieux100 persistence stealer trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c.exe

Resource

win10v2004-20221111-en

cybergate levieux100 persistence stealer trojan upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Trial version

Botnet

Levieux100

C2

levieux.no-ip.biz:82

Mutex

31GKW73W8BBJTV

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
5
ftp_password
AZerty123
ftp_port
21
ftp_server
ftp.membres.multimania.fr
ftp_username
hosse211
injected_process
explorer.exe
install_dir
Winupdate
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
true
message_box_caption
Veuillez Reéxecuter en tant q' Administrateur
message_box_title
CyberGate
password
azerty123
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c
- Size
  
  543KB
- MD5
  
  84612233d33318568a3cccececa3f807
- SHA1
  
  7f8bbe325854c7e760d02003ab555c7a25776683
- SHA256
  
  74b282a44fb5ca94711babbdcd2a00eb31a59781659af5bde9b5faa94b118c8c
- SHA512
  
  6b788021a45e0a1da5d3fa7e8e4c5a60b578bf0678ebb75f23591d162c7caf295532240e06765b948032f9d809564863d0d2712984e37d8a3832dbc3e0fe8560
- SSDEEP
  
  12288:YSFT9HXzy4NgSOuqKL8IeRQzPer6SqAtLtjDEM61l8Yw:YSrV0uqKL8IFir6SLL9DJUl8
Score

10^/10

cybergate levieux100 persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatelevieux100persistencestealertrojanupx

behavioral2

cybergatelevieux100persistencestealertrojanupx

© 2018-2024

Terms | Privacy