cybergate | 5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a | Triage

Submit
Reports

Overview

overview

Static

static

5964fe05c7...0a.exe

windows7-x64

5964fe05c7...0a.exe

windows10-2004-x64

Sharing

General

Target

5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a
Size

276KB
Sample

221127-jr9k5sbb24
MD5

11a45e6b934ecf974d16132b31b91352
SHA1

f0872cafa94a5b4108653590fbf20b2a1fce3e67
SHA256

5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a
SHA512

d9e583d074c9fa9e08fd27f8e6f5083162aedceeff895b1a7d24bdb0a82ffa06b40dd2c575c1d292bad81554839e0412d7d41a22a00fc2be5341d1291eaec05d
SSDEEP

6144:Xk4qmSVmHu1YwXLwTxgDhsmWbC+uu54mTRoC2FwbRKbzJk:098kYcwTe9i94sR8wbRgz

Score

10^/10

cybergate victime persistence stealer trojan upx

Static task

static1

upx victime cybergate

2 signatures

Behavioral task

behavioral1

Sample

5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a.exe

Resource

win7-20221111-en

cybergate victime persistence stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a.exe

Resource

win10v2004-20220812-en

cybergate victime persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Victime

C2

127.0.0.1:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
avg antivirus
install_file
avg.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Failed
message_box_title
Error
password
djpostka1
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a
- Size
  
  276KB
- MD5
  
  11a45e6b934ecf974d16132b31b91352
- SHA1
  
  f0872cafa94a5b4108653590fbf20b2a1fce3e67
- SHA256
  
  5964fe05c76da4380ea84102bbf4bc452d53d1d96d0271db6d6da10f5bada50a
- SHA512
  
  d9e583d074c9fa9e08fd27f8e6f5083162aedceeff895b1a7d24bdb0a82ffa06b40dd2c575c1d292bad81554839e0412d7d41a22a00fc2be5341d1291eaec05d
- SSDEEP
  
  6144:Xk4qmSVmHu1YwXLwTxgDhsmWbC+uu54mTRoC2FwbRKbzJk:098kYcwTe9i94sR8wbRgz
Score

10^/10

cybergate victime persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

upxvictimecybergate

behavioral1

cybergatevictimepersistencestealertrojanupx

behavioral2

cybergatevictimepersistencestealertrojanupx

© 2018-2024

Terms | Privacy