cybergate | b3f77b915adafd0d977325ac091435f1e413b0bcb65700cd58482b02e8ff2837

General

Target

b3f77b915adafd0d977325ac091435f1e413b0bcb65700cd58482b02e8ff2837
Size

444KB
Sample

221206-rmnrwahf6z
MD5

18c83f79bdb9c1c3cea796f93cad1b84
SHA1

7f0f0940467306826e1835bff8369f5bea5ec834
SHA256

b3f77b915adafd0d977325ac091435f1e413b0bcb65700cd58482b02e8ff2837
SHA512

3c2b4e61a77901fbb37d3c1a3601610a47c6b445c5ae33c4d5fbc7972b2092b1390514c66b6d4442a249112490100c3446bc13764255e0eb38c0d8358d8e9488
SSDEEP

12288:pnpH4HYWO9z77CWgY+Uc4WB+YggJYK2ggNWrKBmTrA:RpHfz37Zc4WBCgJYlNTBm3A

Score

10^/10

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

Conquer

C2

127.0.0.1:3460

spider2.no-ip.biz:3460

Mutex

0FC8M3II0LMIMB

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./cybergate/
ftp_interval
20
injected_process
explorer.exe
install_dir
Internet
install_file
Spider.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123

Targets

- Target
  
  b3f77b915adafd0d977325ac091435f1e413b0bcb65700cd58482b02e8ff2837
- Size
  
  444KB
- MD5
  
  18c83f79bdb9c1c3cea796f93cad1b84
- SHA1
  
  7f0f0940467306826e1835bff8369f5bea5ec834
- SHA256
  
  b3f77b915adafd0d977325ac091435f1e413b0bcb65700cd58482b02e8ff2837
- SHA512
  
  3c2b4e61a77901fbb37d3c1a3601610a47c6b445c5ae33c4d5fbc7972b2092b1390514c66b6d4442a249112490100c3446bc13764255e0eb38c0d8358d8e9488
- SSDEEP
  
  12288:pnpH4HYWO9z77CWgY+Uc4WB+YggJYK2ggNWrKBmTrA:RpHfz37Zc4WBCgJYlNTBm3A
Score

10^/10

cybergate conquer persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Molebox Virtualization software
  Detects file using Molebox Virtualization software.
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CyberGate, Rebhip

Molebox Virtualization software

Adds policy Run key to start application

Executes dropped EXE

Modifies Installed Components in the registry

UPX packed file

Checks computer location settings

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2