cybergate | e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d | Triage

Submit
Reports

Overview

overview

Static

static

e65fb69542...2d.exe

windows7-x64

e65fb69542...2d.exe

windows10-2004-x64

Sharing

General

Target

e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d
Size

458KB
Sample

221124-v932vsab44
MD5

7655b168be775811d0ed9a9f4ba083b8
SHA1

4e6a0112b568b49ae3261e700a92e3efc3cf86bd
SHA256

e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d
SHA512

08215ceaf3ce46bddc232a44dabae3ccb5a47acd76d47c63d394ce10ca6d25957f0f66acb7e6f24be2cee3e89e2989c67c417893e40cbc21027b1aabd56f5c25
SSDEEP

12288:ZnMi8dvwFdYrYLHme6YazdickUw3R84GYFRLFPJNa:ZMdvwoQm4azdnMTRnN

Score

10^/10

cybergate mikael persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d.exe

Resource

win7-20220901-en

cybergate mikael persistence stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d.exe

Resource

win10v2004-20221111-en

cybergate mikael persistence stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

mikael

C2

mike2375.no-ip.org:7777

Mutex

231V04PN37A683

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
237566

Targets

- Target
  
  e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d
- Size
  
  458KB
- MD5
  
  7655b168be775811d0ed9a9f4ba083b8
- SHA1
  
  4e6a0112b568b49ae3261e700a92e3efc3cf86bd
- SHA256
  
  e65fb6954206168b9b7acfbedbcfea29b92cf5f761f7622f1eec54eca0573c2d
- SHA512
  
  08215ceaf3ce46bddc232a44dabae3ccb5a47acd76d47c63d394ce10ca6d25957f0f66acb7e6f24be2cee3e89e2989c67c417893e40cbc21027b1aabd56f5c25
- SSDEEP
  
  12288:ZnMi8dvwFdYrYLHme6YazdickUw3R84GYFRLFPJNa:ZMdvwoQm4azdnMTRnN
Score

10^/10

cybergate mikael persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatemikaelpersistencestealertrojanupx

behavioral2

cybergatemikaelpersistencestealertrojanupx

© 2018-2024

Terms | Privacy