cybergate | 8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb | Triage

Sharing

General

Target

8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
Size

373KB
Sample

221206-ldhllsgg7z
MD5

d8fd6a57e90f03f54798a4715d3b3a09
SHA1

983f2549f923785375e16f83108fcfc6bec83ea4
SHA256

8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
SHA512

eda487e6508200cf779f3318b68a75266fecef357ae51f3cee678a4a320391df0b1bd52652fda29a5bfc4d92b7322b4650eed97d754f308239eb545c814df948
SSDEEP

6144:Drbic2EgMIZd46ye8I/jq62TaMNysfCiWthDRoQu/ok6Qq6Ho2oZqdYV:D/icxgpyeFET6sfCXfRo3QbQhHw

Score

10^/10

cybergate bot stealer trojan

Malware Config

Extracted

Family

cybergate

Version

v1.13.1

Botnet

Bot

C2

hexrut.sytes.net:82

Mutex

D307U5NIDDI0T2

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
system32
install_file
igfxpers.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
890527q
regkey_hkcu
Persistence
regkey_hklm
Persistence

Targets

- Target
  
  8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
- Size
  
  373KB
- MD5
  
  d8fd6a57e90f03f54798a4715d3b3a09
- SHA1
  
  983f2549f923785375e16f83108fcfc6bec83ea4
- SHA256
  
  8eb95429446ef6796db4421503049ffdd5f4cc025e34db5725ee0ecb3f9d26eb
- SHA512
  
  eda487e6508200cf779f3318b68a75266fecef357ae51f3cee678a4a320391df0b1bd52652fda29a5bfc4d92b7322b4650eed97d754f308239eb545c814df948
- SSDEEP
  
  6144:Drbic2EgMIZd46ye8I/jq62TaMNysfCiWthDRoQu/ok6Qq6Ho2oZqdYV:D/icxgpyeFET6sfCXfRo3QbQhHw
Score

10^/10

cybergate bot stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cybergatebotstealertrojan

behavioral2