Overview

overview

10

Static

static

d08e5ac494...24.exe

windows7-x64

10

d08e5ac494...24.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    98s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24.exe

  • Size

    372KB

  • MD5

    bf7ebf50d9ba184a5be612cf7bbc9970

  • SHA1

    1e2beb2e30780e4a81d5e1de7e71e081704fd34e

  • SHA256

    d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24

  • SHA512

    10da80adc93aa7b6c8a788d3c5afdf30d5675c5c597e4139ff021930ceb8a781a2e0f740e2c18bec784a6b7d24c404b92f7f064ee49e108eac5f48d28c5b3fec

  • SSDEEP

    6144:AsFVptTEzuhnZaMSXIPoEShjSX3KYv4hNqPA1iZFl0JFvuWUNtV:A6VEKRk3lEsSnb4hNEKmFl0J9WNtV

Score
10/10
cybergatevictimastealertrojanupx

Malware Config

Extracted

Family

cybergate

Version

v1.04.8

Botnet

victima

C2

juegosbuenos.no-ip.org:7777

juegosbuenos.no-ip.org:8888
Mutex

JXA662P6726BS1

Attributes
  • enable_keylogger

    true

  • enable_message_box

    false

  • ftp_directory

    ./logs/

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    sys

  • install_file

    svhost.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Please try later

  • message_box_title

    Error

  • password

    willemsil

  • regkey_hkcu

    HKCU

  • regkey_hklm

    HKLM

Signatures

  • CyberGate, Rebhip

    CyberGate is a lightweight remote administration tool with a wide array of functionalities.

    trojanstealercybergate
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24.exe
    "C:\Users\Admin\AppData\Local\Temp\d08e5ac4940c1fa02ac1e02f40a2d4d9824989aeb5aa5dcc02c20e77d3917f24.exe"
    1⤵
      PID:1728
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 480
        2⤵
        • Program crash
        PID:5048
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 500
        2⤵
        • Program crash
        PID:3696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1728 -ip 1728
      1⤵
        PID:212
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1728 -ip 1728
        1⤵
          PID:4464

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1728-132-0x0000000000A40000-0x0000000000B04000-memory.dmp
          Filesize

          784KB

          Download
        • memory/1728-133-0x0000000000400000-0x00000000004C4000-memory.dmp
          Filesize

          784KB

          Download
        • memory/1728-135-0x0000000000400000-0x00000000004C4000-memory.dmp
          Filesize

          784KB

          Download
        • memory/1728-136-0x0000000000400000-0x00000000004C4000-memory.dmp
          Filesize

          784KB

          Download