cybergate | b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3 | Triage

Submit
Reports

Overview

overview

Static

static

b97f16b75b...f3.exe

windows7-x64

b97f16b75b...f3.exe

windows10-2004-x64

Sharing

General

Target

b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3
Size

461KB
Sample

221204-czq1fahf84
MD5

45534195afd36071c6127a31a50415a8
SHA1

2782267ca60fcc138adcd2b3b3bda0c2f7b584f3
SHA256

b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3
SHA512

0d441dfad134bec110ce08fb40eca753bf109582606c1a221f0c9a6cdca2479b3f4ebc091a268725a53b73e45af672d762656d7df3fda993cbbdb334b8c6a915
SSDEEP

12288:WP1FVkA1lkLe6TxR2EkAKZj1f5VCurFmGM:+DVtlkL10DZxf581n

Score

10^/10

cybergate 01 evasion persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3.exe

Resource

win7-20220901-en

cybergate 01 evasion persistence stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3.exe

Resource

win10v2004-20221111-en

cybergate 01 evasion persistence stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.01.18

Botnet

01

C2

homepepe.dyndns.org:4321

mandanga.blogdns.com:4321

Mutex

los2

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
avgPro
install_file
avgPro.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
1qaz

Targets

- Target
  
  b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3
- Size
  
  461KB
- MD5
  
  45534195afd36071c6127a31a50415a8
- SHA1
  
  2782267ca60fcc138adcd2b3b3bda0c2f7b584f3
- SHA256
  
  b97f16b75b2522ea30f217e7fc7831c37a38d7ebfc30ca46359abd3f3624aff3
- SHA512
  
  0d441dfad134bec110ce08fb40eca753bf109582606c1a221f0c9a6cdca2479b3f4ebc091a268725a53b73e45af672d762656d7df3fda993cbbdb334b8c6a915
- SSDEEP
  
  12288:WP1FVkA1lkLe6TxR2EkAKZj1f5VCurFmGM:+DVtlkL10DZxf581n
Score

10^/10

cybergate 01 evasion persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergate01evasionpersistencestealertrojanupx

behavioral2

cybergate01evasionpersistencestealertrojanupx

© 2018-2024

Terms | Privacy