cybergate | 8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57 | Triage

Submit
Reports

Overview

overview

Static

static

8603885c3a...57.exe

windows7-x64

8603885c3a...57.exe

windows10-2004-x64

Sharing

General

Target

8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57
Size

825KB
Sample

221205-1wfmasec7s
MD5

a8f080371495aa716102d7c95b8d45c1
SHA1

1c262215b12ff7740110ca16fd06e371ad196c79
SHA256

8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57
SHA512

6e8f1b6ed89f9f9dca1f58f3f043faad4c15f418c0ac1a93a42cd5cb17c6ad6690a02f22ca3b7e6778812b9b8b5b356fac7364a71a63aa0cbf23cf0946d9893e
SSDEEP

12288:CcD663gTSP7VMTN6CGBkGC9hVwv03PfgjXir0hPVZXKB8VKO8KdRZ2zkPaCxm:CbmVu6CGBpurpRmtds8VV8KdRZOklQ

Score

10^/10

cybergate youtube persistence stealer trojan upx

Static task

static1

youtube cybergate

1 signatures

Behavioral task

behavioral1

Sample

8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57.exe

Resource

win7-20221111-en

cybergate youtube persistence stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57.exe

Resource

win10v2004-20221111-en

cybergate youtube persistence stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

YouTube

C2

magaiver2.no-ip.org:2000

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
avast.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
123
regkey_hkcu
Win32
regkey_hklm
Win32

Targets

- Target
  
  8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57
- Size
  
  825KB
- MD5
  
  a8f080371495aa716102d7c95b8d45c1
- SHA1
  
  1c262215b12ff7740110ca16fd06e371ad196c79
- SHA256
  
  8603885c3a86ce815f630bdc10c7ac44a558c62df89bac5c3a850902f3680f57
- SHA512
  
  6e8f1b6ed89f9f9dca1f58f3f043faad4c15f418c0ac1a93a42cd5cb17c6ad6690a02f22ca3b7e6778812b9b8b5b356fac7364a71a63aa0cbf23cf0946d9893e
- SSDEEP
  
  12288:CcD663gTSP7VMTN6CGBkGC9hVwv03PfgjXir0hPVZXKB8VKO8KdRZ2zkPaCxm:CbmVu6CGBpurpRmtds8VV8KdRZOklQ
Score

10^/10

cybergate youtube persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

youtubecybergate

behavioral1

cybergateyoutubepersistencestealertrojanupx

behavioral2

cybergateyoutubepersistencestealertrojanupx

© 2018-2024

Terms | Privacy