cybergate | 6ce6114c140ae1a5b71742bd7f9857d89103d5d64d9bd37d7c9670211b6c5c44 | Triage

Submit
Reports

Overview

overview

Static

static

3

3995de6a0a...e8.exe

windows7-x64

3995de6a0a...e8.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

3995de6a0a26ee454ab2cc76e05632e8
Size

1.7MB
Sample

231225-ynqq7aecgm
MD5

3995de6a0a26ee454ab2cc76e05632e8
SHA1

600a0e97a9e248dd260616ebea068a651c8714e4
SHA256

6ce6114c140ae1a5b71742bd7f9857d89103d5d64d9bd37d7c9670211b6c5c44
SHA512

eaff30c7598baccd98139a600e2f55916a6a15231ceca4216139ee9a50f7f92d5f407a61731f71d0239e1e42f60ca99e2552e731dfbb37ac5d265e5ef6470e35
SSDEEP

24576:s//jxKjZ43LbZPsKnaLlFPDcxyUxpGlpUuIi1X7riFEGyuOVUfWPSIPo2I1yulXE:sHjN7tCiWjdl7riD4sRao5Xxk1

Score

10^/10

cybergate remote evasion persistence stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3995de6a0a26ee454ab2cc76e05632e8.exe

Resource

win7-20231129-en

cybergate remote evasion persistence stealer trojan upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3995de6a0a26ee454ab2cc76e05632e8.exe

Resource

win10v2004-20231215-en

cybergate remote evasion persistence stealer trojan upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.18.0 - Crack Version

Botnet

remote

C2

127.0.0.1:999

microsi.zapto.org:5252

microf.servegame.com:6363

Mutex

AM10U401586N36

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
false
keylogger_enable_ftp
false
message_box_caption
Remote Administration anywhere in the world.
message_box_title
CyberGate
password
merlin

Targets

- Target
  
  3995de6a0a26ee454ab2cc76e05632e8
- Size
  
  1.7MB
- MD5
  
  3995de6a0a26ee454ab2cc76e05632e8
- SHA1
  
  600a0e97a9e248dd260616ebea068a651c8714e4
- SHA256
  
  6ce6114c140ae1a5b71742bd7f9857d89103d5d64d9bd37d7c9670211b6c5c44
- SHA512
  
  eaff30c7598baccd98139a600e2f55916a6a15231ceca4216139ee9a50f7f92d5f407a61731f71d0239e1e42f60ca99e2552e731dfbb37ac5d265e5ef6470e35
- SSDEEP
  
  24576:s//jxKjZ43LbZPsKnaLlFPDcxyUxpGlpUuIi1X7riFEGyuOVUfWPSIPo2I1yulXE:sHjN7tCiWjdl7riD4sRao5Xxk1
Score

10^/10

cybergate remote evasion persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cybergateremoteevasionpersistencestealertrojanupx

behavioral2

cybergateremoteevasionpersistencestealertrojanupx

© 2018-2025

Terms | Privacy