General

  • Target

    f11814419118a1f8193bbc7c6466afbcbb49a01add91370007815c2b7aad707c

  • Size

    281KB

  • Sample

    230130-dzgbnsfd86

  • MD5

    6ab0b1871e58247a07f94421b6bdba00

  • SHA1

    1199460ed94b062a0ba1edabc251c7b59b91ebf3

  • SHA256

    f11814419118a1f8193bbc7c6466afbcbb49a01add91370007815c2b7aad707c

  • SHA512

    68b982be0df82a5e5a80122e650f6c176194b8aaaaf269f549e202884a49cb77d3fa876e0db65c0835528fbff4e7f9623d192d1ae93624d8506d8bccb03a3e9d

  • SSDEEP

    6144:sApk4mp8D6WGc/YSlIipBReubLzeh7Yy0DMIdeXijwf:scy78QSVnNyhsFMCeSj

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

remote

C2

127.0.0.1:83

Mutex

366TJ2H33W5525

Attributes
  • enable_keylogger

    true

  • enable_message_box

    true

  • ftp_directory

    ./logs

  • ftp_interval

    30

  • injected_process

    explorer.exe

  • install_dir

    install

  • install_file

    server.exe

  • install_flag

    true

  • keylogger_enable_ftp

    false

  • message_box_caption

    Remote Administration anywhere in the world.

  • message_box_title

    CyberGate

  • password

    123456
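The extracted configuration is most useful once it is split into values that identify this particular build (the mutex, the install file name, the message-box strings) and values that do not. The C2 here is 127.0.0.1:83, the loopback address, so this stub cannot reach a remote operator and the address must not be published as a network indicator; the password 123456 is likewise not build-specific. The following Python script is an added example, not part of the sandbox report or of CyberGate: it copies the config and digest values from the report into a constructed dict, classifies the C2, separates the usable host indicators, emits a YARA rule from the build-specific strings, and checks a candidate file against the digests listed under General. The rule name, the decision to match the install path only on its tail (the parent directory is chosen in the builder and is not part of the extracted config), and the assumption that the mutex and message-box strings are visible in the unpacked or injected image are this example's own.

```python
# Added example: turn the extracted CyberGate config into checkable indicators.
import hashlib
import ipaddress
import re

# Values copied from the "Malware Config" section (constructed dict).
CONFIG = {
    "family": "cybergate",
    "version": "v1.18.0 - Crack Version",
    "c2": "127.0.0.1:83",
    "mutex": "366TJ2H33W5525",
    "injected_process": "explorer.exe",
    "install_dir": "install",
    "install_file": "server.exe",
    "message_box_title": "CyberGate",
    "message_box_caption": "Remote Administration anywhere in the world.",
    "password": "123456",
}

# Digests copied from the "General" section.
REPORTED_DIGESTS = {
    "md5": "6ab0b1871e58247a07f94421b6bdba00",
    "sha1": "1199460ed94b062a0ba1edabc251c7b59b91ebf3",
    "sha256": "f11814419118a1f8193bbc7c6466afbcbb49a01add91370007815c2b7aad707c",
    "sha512": "68b982be0df82a5e5a80122e650f6c176194b8aaaaf269f549e202884a49cb77d3fa876e0db65c0835528fbff4e7f9623d192d1ae93624d8506d8bccb03a3e9d",
}


def check_digests(data: bytes, reported: dict) -> dict:
    """Compare a candidate file's digests with the reported ones, per algorithm."""
    return {alg: hashlib.new(alg, data).hexdigest() == value.lower()
            for alg, value in reported.items()}


def classify_c2(c2: str) -> str:
    """Classify a 'host:port' C2 value as loopback, private, public or domain.
    Handles IPv4 literals and hostnames; bracketed IPv6 is not expected here."""
    host, _, port = c2.rpartition(":")
    if not host:          # no ':' at all, so the whole string is the host
        host = port
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "domain"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:   # RFC 1918 and other non-routable ranges
        return "private"
    return "public"


def build_iocs(config: dict) -> dict:
    """Separate build-specific host indicators from values that are not actionable."""
    iocs = {
        "mutex": config["mutex"],
        # Parent directory is a builder option absent from the config: match the tail only.
        "install_path_tail": config["install_dir"] + "\\" + config["install_file"],
        "injected_process": config["injected_process"],
        "strings": [config["message_box_title"], config["message_box_caption"]],
        "network": [],
        "notes": [],
    }
    kind = classify_c2(config["c2"])
    if kind in ("loopback", "private"):
        iocs["notes"].append(
            f"C2 {config['c2']} is {kind}: the stub cannot reach a remote operator, "
            "so treat this as a test or default build and do not publish it as a network IOC")
    else:
        iocs["network"].append(config["c2"])
    return iocs


def yara_rule(config: dict) -> str:
    """Emit a YARA rule from the mutex and message-box strings.
    Assumes these strings are visible in the unpacked stub or the injected
    explorer.exe image; scan process memory as well as the file on disk."""
    def q(s: str) -> str:  # YARA text-string quoting
        return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

    name = "cybergate_stub_" + re.sub(r"[^0-9A-Za-z_]", "_", config["mutex"])
    return "\n".join([
        f"rule {name}",
        "{",
        "    meta:",
        f"        family = {q(config['family'])}",
        f"        version = {q(config['version'])}",
        "    strings:",
        f"        $mutex = {q(config['mutex'])} ascii wide",
        f"        $title = {q(config['message_box_title'])} ascii wide",
        f"        $caption = {q(config['message_box_caption'])} ascii wide",
        "    condition:",
        "        $mutex and ($title or $caption)",
        "}",
    ])
```

Running `build_iocs(CONFIG)` returns an empty network list and a note explaining why, while the mutex, the `install\server.exe` path tail and the message-box strings survive as host indicators; `yara_rule(CONFIG)` prints a rule keyed on the mutex so that the generic "CyberGate" title alone cannot fire it. `check_digests` is the first thing to run on any file claimed to be this sample before trusting the rest of the report.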

Targets

    • Target

      f11814419118a1f8193bbc7c6466afbcbb49a01add91370007815c2b7aad707c


    • CyberGate, Rebhip

      CyberGate (also detected under the name Rebhip) is a Delphi-based remote access trojan sold as a remote administration tool. Its builder produces a configurable server stub with keylogging, file and process management, a remote shell, and screen and webcam capture; the stub copies itself to the configured install directory, injects into the configured host process (explorer.exe for this build) and authenticates to its controller with the configured password. The version string extracted above, "v1.18.0 - Crack Version", indicates the stub was produced by a cracked copy of the builder.

MITRE ATT&CK Matrix

Tasks