cybergate | e25ebfb87a0326e43ba09ea8371df8805b7232727aa743db3f42ea5eee8c25a0 | Triage

Submit
Reports

Overview

overview

Static

static

7

f770bdb776...50.exe

windows7-x64

f770bdb776...50.exe

windows10-2004-x64

Sharing

General

Target

f770bdb7761d3f42b657700ca17dbb50
Size

262KB
Sample

231228-zn837shae2
MD5

f770bdb7761d3f42b657700ca17dbb50
SHA1

4747f7948f8b360de18f4fb983137f0184ae466c
SHA256

e25ebfb87a0326e43ba09ea8371df8805b7232727aa743db3f42ea5eee8c25a0
SHA512

99c17571b71690ce59a6c7cc37f3f5180b439cb902979cb615b8570255f5fada08a93212b26e51b68b65d7a51397af0033372604f2be83710ac8cf4f9a268ca4
SSDEEP

6144:rpfsCakZkYdaEndIK4t98O+5NLF8Li5bh5YY8lbqK:rpsnXYdFdqt98OANFuiJhn8VqK

Score

10^/10

cybergate victime aspackv2 persistence stealer trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f770bdb7761d3f42b657700ca17dbb50.exe

Resource

win7-20231215-en

cybergate victime persistence stealer trojan upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

f770bdb7761d3f42b657700ca17dbb50.exe

Resource

win10v2004-20231215-en

cybergate victime persistence stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

cybergate

Version

v1.02.1

Botnet

victime

C2

127.0.0.1:82

gassper.no-ip.biz:82

Mutex

Pluguin

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./
ftp_interval
30
injected_process
explorer.exe
install_dir
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
VOCÊ FOI HACKEADO ...SEU SISTEMA SERÁ FORMATADO.
message_box_title
LAMMER
password
123456
regkey_hkcu
Avirnt
regkey_hklm
Avgnt

Targets

- Target
  
  f770bdb7761d3f42b657700ca17dbb50
- Size
  
  262KB
- MD5
  
  f770bdb7761d3f42b657700ca17dbb50
- SHA1
  
  4747f7948f8b360de18f4fb983137f0184ae466c
- SHA256
  
  e25ebfb87a0326e43ba09ea8371df8805b7232727aa743db3f42ea5eee8c25a0
- SHA512
  
  99c17571b71690ce59a6c7cc37f3f5180b439cb902979cb615b8570255f5fada08a93212b26e51b68b65d7a51397af0033372604f2be83710ac8cf4f9a268ca4
- SSDEEP
  
  6144:rpfsCakZkYdaEndIK4t98O+5NLF8Li5bh5YY8lbqK:rpsnXYdFdqt98OANFuiJhn8VqK
Score

10^/10

cybergate victime persistence stealer trojan upx
- CyberGate, Rebhip
  CyberGate is a lightweight remote administration tool with a wide array of functionalities.
  trojan stealer cybergate
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cybergatevictimepersistencestealertrojanupx

behavioral2

cybergatevictimepersistencestealertrojanupx

© 2018-2024

Terms | Privacy