cybergate | af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb | Triage

Submit
Reports

Overview

overview

Static

static

af07dcf42d...eb.exe

windows7-x64

af07dcf42d...eb.exe

windows10-2004-x64

Sharing

General

Target

af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb
Size

360KB
Sample

221127-sng66abf7v
MD5

adeb89e005317ed8ebd2210ffe3424b6
SHA1

ba7b12cd5163bf6b44c23494c1d1d17ebd6f007a
SHA256

af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb
SHA512

0d8f9ff28cb88128edd1a4e58037e9f67693478aa1097e0aff5935f871a43c806e363a31c715d6159f997ff33c215f415c5e3b110bf4598df896b22c253871e4
SSDEEP

6144:dXicc/18K2N++X/F/DZ363XvbTG+5IW8M2pRMJW/yEjzPKPyi40gcwHi2:dXicc/19+tl36nzH5ILMy6t40gjj

Score

10^/10

cybergate victime persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb.exe

Resource

win7-20221111-en

cybergate victime persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb.exe

Resource

win10v2004-20220901-en

cybergate victime persistence stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

victime

C2

tamere.no-ip.org:1604

Mutex

O22677E3DY4N74

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
winlogon
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
1234
regkey_hklm
explorer.exe

Targets

- Target
  
  af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb
- Size
  
  360KB
- MD5
  
  adeb89e005317ed8ebd2210ffe3424b6
- SHA1
  
  ba7b12cd5163bf6b44c23494c1d1d17ebd6f007a
- SHA256
  
  af07dcf42d94e00e9b44c4b10b9caba23d47705210bd6945930ca44bf1c933eb
- SHA512
  
  0d8f9ff28cb88128edd1a4e58037e9f67693478aa1097e0aff5935f871a43c806e363a31c715d6159f997ff33c215f415c5e3b110bf4598df896b22c253871e4
- SSDEEP
  
  6144:dXicc/18K2N++X/F/DZ363XvbTG+5IW8M2pRMJW/yEjzPKPyi40gcwHi2:dXicc/19+tl36nzH5ILMy6t40gjj
Score

10^/10

cybergate victime persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatevictimepersistencestealertrojanupx

behavioral2

cybergatevictimepersistencestealertrojanupx

© 2018-2024

Terms | Privacy