cybergate | b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d | Triage

Submit
Reports

Overview

overview

Static

static

b66194e6db...4d.exe

windows7-x64

b66194e6db...4d.exe

windows10-2004-x64

8

Sharing

General

Target

b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d
Size

425KB
Sample

221201-xn12gsah84
MD5

6dc58bf183cf1894f5e150a66f09abc8
SHA1

744280af53860c73425c73c17e7b3c6e90e517c5
SHA256

b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d
SHA512

fde7c22d213c3f039ecb44a833ef768fa69568038a1350de8c04038989b6effd7a2f5ba992b3ea6211aa5e9a353a8989abf914fef46a350c3e7dae0af7745da4
SSDEEP

12288:E1dlZo5yLyl6sdKjj8ZdaSIoSbOr4y0FdsJGfrzU:E1dlZo5wsdKjjI0SIoK+IaYnU

Score

10^/10

cybergate youtube persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d.exe

Resource

win7-20220812-en

cybergate youtube persistence stealer trojan upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

youtube

C2

v0idhack.no-ip.biz:2000

Mutex

service

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
service
install_file
service.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
STOP: c000021 a (Error grave del sistema) El proceso del sistema Windows Logon Process termino inesperadamente con un estado 0xc0000135 (0x0000000) Se cerrara el proceso.
message_box_title
Stop c000021a (Error grave del sistema)
password
bruno0907
regkey_hkcu
services
regkey_hklm
service

Targets

- Target
  
  b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d
- Size
  
  425KB
- MD5
  
  6dc58bf183cf1894f5e150a66f09abc8
- SHA1
  
  744280af53860c73425c73c17e7b3c6e90e517c5
- SHA256
  
  b66194e6db05c9da65c1f7f8192c6fd612552d6b23e0a7b447747d5a73f1a74d
- SHA512
  
  fde7c22d213c3f039ecb44a833ef768fa69568038a1350de8c04038989b6effd7a2f5ba992b3ea6211aa5e9a353a8989abf914fef46a350c3e7dae0af7745da4
- SSDEEP
  
  12288:E1dlZo5yLyl6sdKjj8ZdaSIoSbOr4y0FdsJGfrzU:E1dlZo5wsdKjjI0SIoK+IaYnU
Score

10^/10

cybergate youtube persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergateyoutubepersistencestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy