cybergate | 35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4 | Triage

Submit
Reports

Overview

overview

Static

static

35cb0ceef3...c4.exe

windows7-x64

35cb0ceef3...c4.exe

windows10-2004-x64

Sharing

General

Target

35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4
Size

524KB
Sample

221126-kkrmesaa8y
MD5

2d66d5b6dbd25544368cba771513e858
SHA1

d64a8d21cd36657168e818dc7eeedff52aa86976
SHA256

35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4
SHA512

a34d13da811bec4df06f26405b4542488db4719bf83fb4f7bf2c37e6c8e7e0fc03427f0e92235eca2a7e6b1a43d04dd2c73d0e9c14f0f0ed363497e3e0a4504f
SSDEEP

12288:PV15wLR2ts0EXSoGGMKpMG7cIdV6yY/lNRT2Khdt6LkokUkkkkUeGWlpkkkk6kkp:PH8Rg9StGGjyK1dVjY/lNRCUhLLp

Score

10^/10

cybergate rpc gta persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4.exe

Resource

win7-20220812-en

cybergate rpc gta persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4.exe

Resource

win10v2004-20220812-en

cybergate rpc gta persistence stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

RPC GTA

C2

94.102.53.192:1616

Mutex

56MM714CB7PJXN

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4
- Size
  
  524KB
- MD5
  
  2d66d5b6dbd25544368cba771513e858
- SHA1
  
  d64a8d21cd36657168e818dc7eeedff52aa86976
- SHA256
  
  35cb0ceef3f5542a5c6f3e0585eb07c0041df4b695ac92834b621c549a733bc4
- SHA512
  
  a34d13da811bec4df06f26405b4542488db4719bf83fb4f7bf2c37e6c8e7e0fc03427f0e92235eca2a7e6b1a43d04dd2c73d0e9c14f0f0ed363497e3e0a4504f
- SSDEEP
  
  12288:PV15wLR2ts0EXSoGGMKpMG7cIdV6yY/lNRT2Khdt6LkokUkkkkUeGWlpkkkk6kkp:PH8Rg9StGGjyK1dVjY/lNRCUhLLp
Score

10^/10

cybergate rpc gta persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergaterpc gtapersistencestealertrojanupx

behavioral2

cybergaterpc gtapersistencestealertrojanupx

© 2018-2024

Terms | Privacy