cybergate | a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08 | Triage

Submit
Reports

Overview

overview

Static

static

a970dac47c...08.exe

windows7-x64

a970dac47c...08.exe

windows10-2004-x64

Sharing

General

Target

a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08
Size

321KB
Sample

221203-a2j9kadd4w
MD5

3605f92f9f70dae80bcf88c1b4440e9b
SHA1

6a3fa16b47fe1b87ba81fd3f33758192f75fae97
SHA256

a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08
SHA512

b57e26e71acc015675a47f82f12d970ba3d77f3b49679c1109e22a57567f862aa489ed77594e8d275281e09d10236e0d309e3d8b41b09e9f08e24711d80aa77b
SSDEEP

6144:wOpslFlqyhdBCkWYxuukP1pjSKSNVkq/MVJbX:wwslnTBd47GLRMTbX

Score

10^/10

cybergate system persistence stealer trojan upx

Static task

static1

system cybergate

1 signatures

Behavioral task

behavioral1

Sample

a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08.exe

Resource

win7-20220812-en

cybergate system persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08.exe

Resource

win10v2004-20221111-en

cybergate system persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

System

C2

andrei.no-ip.info:3090

Mutex

461QD44X22882F

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
WinDir
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Don't be scary. This application doesn't work beacuse at you PC apeears a error at opening.
message_box_title
Error...
password
1234567
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08
- Size
  
  321KB
- MD5
  
  3605f92f9f70dae80bcf88c1b4440e9b
- SHA1
  
  6a3fa16b47fe1b87ba81fd3f33758192f75fae97
- SHA256
  
  a970dac47c37cec25c70a87f8cf822f48111a3eda49d86b541147e05397f5b08
- SHA512
  
  b57e26e71acc015675a47f82f12d970ba3d77f3b49679c1109e22a57567f862aa489ed77594e8d275281e09d10236e0d309e3d8b41b09e9f08e24711d80aa77b
- SSDEEP
  
  6144:wOpslFlqyhdBCkWYxuukP1pjSKSNVkq/MVJbX:wwslnTBd47GLRMTbX
Score

10^/10

cybergate system persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

systemcybergate

behavioral1

cybergatesystempersistencestealertrojanupx

behavioral2

cybergatesystempersistencestealertrojanupx

© 2018-2024

Terms | Privacy