cybergate | 97cb1bf7596b230fd0018747e04f0ec722d509d6faa0ab5bdb508eec87145010 | Triage

Submit
Reports

Overview

overview

Static

static

3

ba2e1aa7a8...ef.exe

windows7-x64

ba2e1aa7a8...ef.exe

windows10-2004-x64

Sharing

General

Target

ba2e1aa7a839398cd07c02107ff13aef
Size

364KB
Sample

231227-3dyq9schh8
MD5

ba2e1aa7a839398cd07c02107ff13aef
SHA1

1de597a131d4d7f34468379133300b97722ee8af
SHA256

97cb1bf7596b230fd0018747e04f0ec722d509d6faa0ab5bdb508eec87145010
SHA512

ece4ae9222551dfde43f24820e1ba97adba4f6af8e267610629de4a9ed46e96fb41bbb66cce913cd88f847635d7cf37326d49b6c43e5485df662f18cf75777c6
SSDEEP

6144:Qi+LCTsboLAT4AnVc2G+StQ5el6eUJNY0shWM9THuoCq+ik17cScf:4LCT8EATxef+e6hJVm9Du5ikG3

Score

10^/10

cybergate lammer stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba2e1aa7a839398cd07c02107ff13aef.exe

Resource

win7-20231215-en

cybergate lammer stealer trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba2e1aa7a839398cd07c02107ff13aef.exe

Resource

win10v2004-20231215-en

cybergate lammer stealer trojan upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.02.1

Botnet

Lammer

C2

127.0.0.1:81

Mutex

Pluguin

Attributes

enable_keylogger
true
enable_message_box
true
ftp_directory
./
ftp_interval
30
injected_process
explorer.exe
install_dir
Microsoft
install_file
Pluguin.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
message_box_title
LAMMER
password
123

Targets

- Target
  
  ba2e1aa7a839398cd07c02107ff13aef
- Size
  
  364KB
- MD5
  
  ba2e1aa7a839398cd07c02107ff13aef
- SHA1
  
  1de597a131d4d7f34468379133300b97722ee8af
- SHA256
  
  97cb1bf7596b230fd0018747e04f0ec722d509d6faa0ab5bdb508eec87145010
- SHA512
  
  ece4ae9222551dfde43f24820e1ba97adba4f6af8e267610629de4a9ed46e96fb41bbb66cce913cd88f847635d7cf37326d49b6c43e5485df662f18cf75777c6
- SSDEEP
  
  6144:Qi+LCTsboLAT4AnVc2G+StQ5el6eUJNY0shWM9THuoCq+ik17cScf:4LCT8EATxef+e6hJVm9Du5ikG3
Score

10^/10

cybergate lammer stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatelammerstealertrojanupx

behavioral2

cybergatelammerstealertrojanupx

© 2018-2024

Terms | Privacy