cybergate | b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899 | Triage

Submit
Reports

Overview

overview

Static

static

b272460741...99.exe

windows7-x64

b272460741...99.exe

windows10-2004-x64

Sharing

General

Target

b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899
Size

341KB
Sample

221203-se9j2sah73
MD5

f6963bf35872677c0951f80e1045d600
SHA1

6dea92224609c87bf40230343d0d3a3a3e2a838a
SHA256

b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899
SHA512

52b2419a59c8ced6562a90d6f561452f7028e424a3b613abe8d1f7a29d6365fc701aef38ffdfcbb38aba339cf94b6aab4cea755a7abedee2c14c664c03d1d90b
SSDEEP

6144:0jWhODe3QFouyyvz4SSNpwQzRUZLQigaHRYkGYYxvOKUwygamiXY0354u:0C40Q+uys4SSNKKRKya8YYxmKazmeYyv

Score

10^/10

cybergate victime persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899.exe

Resource

win7-20220812-en

cybergate victime persistence stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899.exe

Resource

win10v2004-20220812-en

cybergate victime persistence stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

victime

C2

pedologiciel.no-ip.org:81

Mutex

A65C25I36501N8

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
windir
install_file
svchost.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Le bot Dofus n'est pas compatible avec votre Ordinateur actuel. Merci d'essayer de relancer le bot sur un nouvel ordinateur
message_box_title
INCOMPATIBLE
password
123456
regkey_hkcu
svchost.exe
regkey_hklm
svchost.exe

Targets

- Target
  
  b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899
- Size
  
  341KB
- MD5
  
  f6963bf35872677c0951f80e1045d600
- SHA1
  
  6dea92224609c87bf40230343d0d3a3a3e2a838a
- SHA256
  
  b272460741b873f8e5237dc42a0df832f9b1b22e19246be61d4f01c59e5f4899
- SHA512
  
  52b2419a59c8ced6562a90d6f561452f7028e424a3b613abe8d1f7a29d6365fc701aef38ffdfcbb38aba339cf94b6aab4cea755a7abedee2c14c664c03d1d90b
- SSDEEP
  
  6144:0jWhODe3QFouyyvz4SSNpwQzRUZLQigaHRYkGYYxvOKUwygamiXY0354u:0C40Q+uys4SSNKKRKya8YYxmKazmeYyv
Score

10^/10

cybergate victime persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergatevictimepersistencestealertrojanupx

behavioral2

cybergatevictimepersistencestealertrojanupx

© 2018-2024

Terms | Privacy