cybergate | e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b | Triage

Submit
Reports

Overview

overview

Static

static

e22a92a192...4b.exe

windows7-x64

e22a92a192...4b.exe

windows10-2004-x64

Sharing

General

Target

e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b
Size

347KB
Sample

221207-mc2hrsbd4s
MD5

211195ac21eb346fa2daa526a7f6d292
SHA1

1f448ad122f9d3ed3ae89eb0a7851c02bc6be004
SHA256

e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b
SHA512

c4dc5c2c3a41ee0821866924b3ce21191a63ab6163bcbed5dc60fb57acac3f38ac915d2e1617b76cb0c4b3b8209a37bb5a8c5dcbef1601a963489c6b37859bff
SSDEEP

6144:ZFtTlXtdNCMHIwXFWXOd7YRqG2VSUhZBafR/8+scysK5G6sAebxZ1nW9YrTBsiBH:ZxX7NCA9XFWXP4G0SUhZBSRkmMvsfxZT

Score

10^/10

cybergate 123 persistence stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b.exe

Resource

win7-20221111-en

cybergate 123 persistence stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b.exe

Resource

win10v2004-20221111-en

cybergate 123 persistence stealer trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

123

C2

onski123.no-ip.biz:9876

Mutex

3IN7F8CKT1P2EL

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./public_html/logs/
ftp_interval
20
ftp_password
6a8w73bdOO
ftp_port
21
ftp_server
merch4gold.com
ftp_username
merch4go
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
true
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
123456

Targets

- Target
  
  e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b
- Size
  
  347KB
- MD5
  
  211195ac21eb346fa2daa526a7f6d292
- SHA1
  
  1f448ad122f9d3ed3ae89eb0a7851c02bc6be004
- SHA256
  
  e22a92a192751ca568942939c56829a1f00067427a809b7b7f77ca88b68f344b
- SHA512
  
  c4dc5c2c3a41ee0821866924b3ce21191a63ab6163bcbed5dc60fb57acac3f38ac915d2e1617b76cb0c4b3b8209a37bb5a8c5dcbef1601a963489c6b37859bff
- SSDEEP
  
  6144:ZFtTlXtdNCMHIwXFWXOd7YRqG2VSUhZBafR/8+scysK5G6sAebxZ1nW9YrTBsiBH:ZxX7NCA9XFWXP4G0SUhZBSRkmMvsfxZT
Score

10^/10

cybergate 123 persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

cybergate123persistencestealertrojanupx

behavioral2

cybergate123persistencestealertrojanupx

© 2018-2024

Terms | Privacy