cybergate | 74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464 | Triage

Submit
Reports

Overview

overview

Static

static

74d669cceb...64.exe

windows7-x64

74d669cceb...64.exe

windows10-2004-x64

Sharing

General

Target

74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464
Size

443KB
Sample

221201-dpn9jadc8w
MD5

39c88858827a3852c4d16b5068040d18
SHA1

d6e51686d86ddb9fe52490af3a9196ab08429e75
SHA256

74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464
SHA512

0c42208239cdb51f3c2150e9a031a1853b452a76c54127de26a22653f5319bf3c1a3822617cf7db9ec64bd104075af9a926af058b84ad773cc28d4aa6b93abe1
SSDEEP

12288:tE7q6Bm8aQP2vsrENCxBUSuWRfrS1+eHEW0+:ttE2vsrE2UkRTa+eHE

Score

10^/10

cybergate remote persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464.exe

Resource

win7-20221111-en

cybergate remote persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464.exe

Resource

win10v2004-20220812-en

cybergate remote persistence stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

markinhuss.no-ip.biz:88

Mutex

AB5P4WRH160725

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464
- Size
  
  443KB
- MD5
  
  39c88858827a3852c4d16b5068040d18
- SHA1
  
  d6e51686d86ddb9fe52490af3a9196ab08429e75
- SHA256
  
  74d669ccebb8b42bb8bf0838c1ebb7df071d622a002b8d6cca331019ca461464
- SHA512
  
  0c42208239cdb51f3c2150e9a031a1853b452a76c54127de26a22653f5319bf3c1a3822617cf7db9ec64bd104075af9a926af058b84ad773cc28d4aa6b93abe1
- SSDEEP
  
  12288:tE7q6Bm8aQP2vsrENCxBUSuWRfrS1+eHEW0+:ttE2vsrE2UkRTa+eHE
Score

10^/10

cybergate remote persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremotepersistencestealertrojanupx

behavioral2

cybergateremotepersistencestealertrojanupx

© 2018-2024

Terms | Privacy