cybergate | 35a01085fdb1a4e5ebc031487575a213c917d037013ad93292b71b9de9821c61 | Triage

Submit
Reports

Overview

overview

Static

static

3

161a7c4ffa...72.exe

windows7-x64

161a7c4ffa...72.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

161a7c4ffa6106e220cfefe9c10b3b72
Size

404KB
Sample

231224-2hmdcsebdq
MD5

161a7c4ffa6106e220cfefe9c10b3b72
SHA1

12b72211dd6dee06b95121ed7af76e99864432bd
SHA256

35a01085fdb1a4e5ebc031487575a213c917d037013ad93292b71b9de9821c61
SHA512

d03539169d21634f68be177fe4cc69c295fc1b7c0107fdb8fa1a6098c4117b4e5ccf744e2278c1b3bc109b956bf3a987e0792b8a5b8cbacdf30050375c794e04
SSDEEP

12288:lKmuY3v9CN+JDUrKPdDCRM11GrIJPge4ag:lKnY3vkNkUr4d2RHkpgeS

Score

10^/10

cybergate remote persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

161a7c4ffa6106e220cfefe9c10b3b72.exe

Resource

win7-20231215-en

cybergate remote persistence stealer trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

161a7c4ffa6106e220cfefe9c10b3b72.exe

Resource

win10v2004-20231215-en

cybergate remote persistence stealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

remote

C2

127.0.0.1:100

Mutex

JX517J2VY0M62Q

Attributes

enable_keylogger
false
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
180125

Targets

- Target
  
  161a7c4ffa6106e220cfefe9c10b3b72
- Size
  
  404KB
- MD5
  
  161a7c4ffa6106e220cfefe9c10b3b72
- SHA1
  
  12b72211dd6dee06b95121ed7af76e99864432bd
- SHA256
  
  35a01085fdb1a4e5ebc031487575a213c917d037013ad93292b71b9de9821c61
- SHA512
  
  d03539169d21634f68be177fe4cc69c295fc1b7c0107fdb8fa1a6098c4117b4e5ccf744e2278c1b3bc109b956bf3a987e0792b8a5b8cbacdf30050375c794e04
- SSDEEP
  
  12288:lKmuY3v9CN+JDUrKPdDCRM11GrIJPge4ag:lKnY3vkNkUr4d2RHkpgeS
Score

10^/10

cybergate remote persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremotepersistencestealertrojanupx

behavioral2

cybergateremotepersistencestealertrojanupx

© 2018-2025

Terms | Privacy