cybergate | 12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2 | Triage

Submit
Reports

Overview

overview

Static

static

3

4D670AC64F...26.exe

windows7-x64

4D670AC64F...26.exe

windows10-2004-x64

Sharing

General

Target

4D670AC64FAE74BD0C53F58673C6D826.exe
Size

422KB
Sample

231014-ryj8tshd23
MD5

4d670ac64fae74bd0c53f58673c6d826
SHA1

5fcfe71b322f91bc65f58892bb7024d78bb9b43b
SHA256

12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
SHA512

f777331088ec03e39b4370a7958c4187410741ae430582943478cf7558f2c6e8152f4799f7dd121ef79abc0ae126db69ade14ea1227617fb2e50e362cb005427
SSDEEP

6144:WIA2TfeZd+WnuiCrnluCuSD/Tmd6et08DOUlNre2fUOi3Mw4NwoGC0vQhvxeexNh:S2G+WufnQQ/ff8DdNC/Oi3rBvQhUCjV

Score

10^/10

cybergate victima evasion persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4D670AC64FAE74BD0C53F58673C6D826.exe

Resource

win7-20230831-en

cybergate victima evasion persistence stealer trojan upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

4D670AC64FAE74BD0C53F58673C6D826.exe

Resource

win10v2004-20230915-en

cybergate victima evasion persistence stealer trojan upx

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

2.6

Botnet

Victima

C2

boxdmz.freeddns.org:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
COM HOST.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
gxwd
regkey_hkcu
HKCU
regkey_hklm
HKLM

Targets

- Target
  
  4D670AC64FAE74BD0C53F58673C6D826.exe
- Size
  
  422KB
- MD5
  
  4d670ac64fae74bd0c53f58673c6d826
- SHA1
  
  5fcfe71b322f91bc65f58892bb7024d78bb9b43b
- SHA256
  
  12975bce5682b4d6a0849c73a8924f074e9fc12e9807e1773e3d80656851d1d2
- SHA512
  
  f777331088ec03e39b4370a7958c4187410741ae430582943478cf7558f2c6e8152f4799f7dd121ef79abc0ae126db69ade14ea1227617fb2e50e362cb005427
- SSDEEP
  
  6144:WIA2TfeZd+WnuiCrnluCuSD/Tmd6et08DOUlNre2fUOi3Mw4NwoGC0vQhvxeexNh:S2G+WufnQQ/ff8DdNC/Oi3rBvQhUCjV
Score

10^/10

cybergate victima evasion persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- Windows security bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Impair Defenses

Disable or Modify Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatevictimaevasionpersistencestealertrojanupx

behavioral2

cybergatevictimaevasionpersistencestealertrojanupx

© 2018-2024

Terms | Privacy