cybergate | 22f422762b16cccb41b57dc75c3b261de8a61e798144314d3631dfac2915b7d9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

252c356fb8571afe86029c641e48ee54
Size

339KB
Sample

231225-rpy1maaeg2
MD5

252c356fb8571afe86029c641e48ee54
SHA1

4ed7a5a186a0652095dd820251f798210d7db370
SHA256

22f422762b16cccb41b57dc75c3b261de8a61e798144314d3631dfac2915b7d9
SHA512

4de35fa2a972a7ea1da58b831c1593d31f608d88a42a13d64d365fafda980f2869208a85c7b48ad4d4f39da86ceb3f2e42ac35c478dda96a9715f65500d01d2a
SSDEEP

6144:vR8caEQHKZfMzuw01C0JJWfvorT1AYoqaeomYhc3z22ItMvTz0:JlaEQRzuJEDfAriZmYQ2HMbz0

Score

10^/10

cybergate r00t_vics stealer trojan

Malware Config

Extracted

Family

cybergate

Version

v1.07.5

Botnet

r00t_vics

C2

freewaybong.no-ip.info:6666

Mutex

5RH0H12P3JM254

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
cybergate

Targets

- Target
  
  Acoustica.Pianissimo.v1.012.VSTi.WORKING.exe
- Size
  
  370KB
- MD5
  
  90d21d2af66801a50b5159bf86ac4b82
- SHA1
  
  f3a5077ae1510d51783365a6e7fbfb7d1417e22d
- SHA256
  
  88ef10706d880a6e6d02cbbeb35623fb7cb0ac1c8c6f9a7c0d5840632521c4a3
- SHA512
  
  5ec4d725ccc3bd88105ca641f7f60f3bed6b06bc693e71c43367b58c65c8ef13409a85107f717ac87bb8e9ea06d3c27198555fd8372761961eeeaf6218c7a363
- SSDEEP
  
  6144:Gqc4TCp2NtU+3Ffazn/qQU+lwdVl3KmIuV4/t/7GVIwgZYkpKye:Gh4Tc+3Fs/PTlw/J7V4BGSwsYk9e
Score

10^/10

cybergate r00t_vics stealer trojan
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

cybergater00t_vicsstealertrojan

behavioral2