Overview

overview

10

Static

static

ff4e102f1a...65.exe

windows7-x64

10

ff4e102f1a...65.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    188s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe

  • Size

    327KB

  • MD5

    3e5540dd7fc5e673f68498cc90d4c3d0

  • SHA1

    b5148f72e533c354b198969817c9cc96a4406a27

  • SHA256

    ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65

  • SHA512

    4dfad9ac5288d8bfab33022b6369d15fab4e05fcaee6460cc1063b97df994205e9ace8441fa727a9ffb21eefc6262a8d6fed64c011ee2c1289a7e0fd0d152ba1

  • SSDEEP

    6144:PeXs/KPJ7bEBGxrRxa0N/1OG6je2V9ItoZTanYPFyUBFyUZtjRQP3ZQ7fBAr:PYEKh7blxzaU5uItoZTHdXBFPlR4K7fa

Score
10/10
cybergatestealertrojan

Malware Config

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
    "C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4624
    • C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
      C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
      2⤵
        PID:4532
      • C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
        C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3316
        • C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
          C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
          3⤵
            PID:4768
          • C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
            C:\Users\Admin\AppData\Local\Temp\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe
            3⤵
              PID:1664

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\ff4e102f1ad1544c9ea50d5d109ddbf19c509055a96c7b6c0df97bd08206ea65.exe.log
          Filesize

          224B

          MD5

          1e4f2a29e11dead55e61329942cd2b14

          SHA1

          4b3ec9b98797d2f734d67b47cc149546f21cf0af

          SHA256

          28bbb0da12bd69adc9df324c01392655b788115aba7466f02c23e1ba09f789d4

          SHA512

          2e28227d898486bfe1cea081df486464b214df50500786e30d6ee9e7d6391f3aacd2f1ed1d0eab60d518bbc79f20f32c226f00ffd70abfe9af45a746cb08416c

          Download Submit
        • memory/3316-133-0x0000000000000000-mapping.dmp
          Download
        • memory/3316-134-0x00007FF895120000-0x00007FF895B56000-memory.dmp
          Filesize

          10.2MB

          Download
        • memory/4624-132-0x00007FF895120000-0x00007FF895B56000-memory.dmp
          Filesize

          10.2MB

          Download