cybergate | 117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833 | Triage

Submit
Reports

Overview

overview

Static

static

117af29c18...33.exe

windows7-x64

117af29c18...33.exe

windows10-2004-x64

Sharing

General

Target

117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
Size

22.0MB
Sample

221201-gry4asba48
MD5

6573e78244159f87aa58d6c744037738
SHA1

4c616f4396630364a17364a1b08ec37a03b97691
SHA256

117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
SHA512

576805c66e717d622bc368e7103df9d151ca1a528ba99e142dcf7d99eea74c45090925c7cb80889c03abfd9cf851d108cb677c82006b763b88681d10ada8ad16
SSDEEP

12288:4d4EXG0jqGja7xZAk9GNy3Gcxaj4cY5snYT/KQxbeqXfvGISQpP:4dfDOGcXuy3GH0d6ILmRw

Score

10^/10

cybergate abc stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833.exe

Resource

win7-20221111-en

cybergate abc stealer trojan upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833.exe

Resource

win10v2004-20220812-en

cybergate abc stealer trojan upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v3.4.2.2

Botnet

abc

C2

mediaserver32.hopto.org:1050

Mutex

DT77JONX5RBIUG

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
MSMedia
install_file
nvcsvc.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
mypass
regkey_hkcu
MediaHD

Targets

- Target
  
  117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
- Size
  
  22.0MB
- MD5
  
  6573e78244159f87aa58d6c744037738
- SHA1
  
  4c616f4396630364a17364a1b08ec37a03b97691
- SHA256
  
  117af29c18109c0db3265643381e3f71a8bfc17a2679055f3d01ebdbd0703833
- SHA512
  
  576805c66e717d622bc368e7103df9d151ca1a528ba99e142dcf7d99eea74c45090925c7cb80889c03abfd9cf851d108cb677c82006b763b88681d10ada8ad16
- SSDEEP
  
  12288:4d4EXG0jqGja7xZAk9GNy3Gcxaj4cY5snYT/KQxbeqXfvGISQpP:4dfDOGcXuy3GH0d6ILmRw
Score

10^/10

cybergate abc stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergateabcstealertrojanupx

behavioral2

cybergateabcstealertrojanupx

© 2018-2024

Terms | Privacy